Please read this carefully
Dispute Automation Privacy Statement
Last updated: July 26th, 2022
View archived privacy statementContents
This Privacy Statement aims to provide you with sufficient information regarding Chargehound LLC’s (“we,” “us” or “our”) use of your Personal Data when you visit our website, apply for, or use our Services. Our Services include the Dispute Automation by Chargehound products and services and all products and services offered by Chargehound LLC (including our fraud and chargeback handling service provided through our customer portal on the Site, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Privacy Statement is displayed). We encourage you to read this Privacy Statement and to use it to help you make informed decisions.
This Privacy Statement does not apply to any third-party websites, services or applications, even if they are accessible through our Site or Services. When you click on links to third-party websites, products, or services, your Personal Data will become subject to the privacy policies and practices of those third parties. We have no responsibility or liability for the content and activities of these linked sites . You should therefore read the privacy notices provided by any third-party offerings.
Certain capitalized terms that are not otherwise defined in this Privacy Statement are explained in Section 14 (“Definitions”) at the end of this Statement.2. Our Role as a Data Controller and Data Processor
We are a Data Controller of Personal Data collected and processed when you access our Site, sign up for a product demonstration, send us an email, register with us as a Merchant, interact with us on social media, or provide information directly when you communicate with us, such as by calling or emailing the customer service. This means that we are determining the purposes and means of the processing of Personal Data
We also receive information about individuals indirectly in connection with providing our Services to Merchants. In these cases, we serve as a service provider or data processor. This means that we will access your Personal Data on behalf of our Merchant customers. This Privacy Statement does not cover Personal Data for which we act in those capacities. In such cases, the privacy statements published by the Merchant or the payment processor that the individual did business with should be reviewed to learn about how the Merchants or the payment processor have decided to collect, use, or share the individual’s Personal Data.3. Personal Data We Collect about You
We may collect Personal Data about you when you visit our Site, create an account through or for use on the Site, use our Services, interact with us on social media, or provide information directly when you communicate with us, such as by calling or emailing customer service.
We also may receive an individual’s Personal Data from our Merchants and their payment processors in connection with providing our Services. In that case, we act a service provider or data processor, and use and disclose that Personal Data according to the Merchant’s instructions.
The types of Personal Data we collect about you may include the following:
Personal data collected from you such as:
Personal data automatically collected such as:
Personal data collected from others such as:
We may Process your Personal Data for a variety of reasons that are permitted under data protection laws in the applicable jurisdictions and in accordance with the applicable lawful bases.
The information we collect about you may be used in any of the following ways:
We may also use Personal Data to contact you regarding products, services, and offers that we believe you may find of interest. You may opt out from receiving marketing communications from us as described in Section 9 (“Your Data Protection Rights”) below.
We may also use your Personal Data where we believe doing so is necessary for us to comply with a legal obligation. This may include sharing information with government and regulatory authorities or other third parties when required by law or in response to legal process, obligation, or request. We may disclose your Personal Data to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable.
We will request your consent before we use or disclose your Personal Data for a materially different purpose than those set forth in this Privacy Statement. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.5. Do We Share Personal Data, and Why?
We may share your Personal Data or other information about you with others for the following reasons:
We retain Personal Data for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law. If we are involved in litigation or a governmental or regulatory investigation, then we keep data throughout the period of litigation or investigation and for 5 years after that. If a settlement means that we must keep data for longer, then we keep data for the period required to administer the settlement. If we provide data to law enforcement agencies, then we keep a record of the disclosure for one year beyond the end of the investigation.7. Personal Data International Transfers
Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Site or the Services or they may not work properly.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. At this time, our Site is not designed to respond to DNT signals or similar mechanisms from browsers.9. Your Data Protection Rights
Under applicable data protection law, you have certain rights to control our collection and use of your Personal Data. Your rights include:
Access, rectification, deletion, objection, portability, and restriction of your information
Lodging a complaint generally
Right to object to Direct Marketing
Right to object to Legitimate Interest processing
To exercise your data protection rights, please contact us at email@example.com. We may need to request additional information to verify your identity and your authorized agent’s identity (where applicable) before responding to your request.
If you live in California, in addition to the rights of access and deletion referenced above:
Information we received indirectly in connection with providing our Services
We may also receive information about an individual indirectly in connection with providing our Services to Merchants. In these cases, we serve as a service provider or data processor and have no direct relationship with the individual whose Personal Data we are processing. An individual who seeks to access, correct, amend, or delete Personal Data provided to us by a Merchant, or exercise other data subject rights under the applicable law, should direct their query to the Merchant.
If you are a Merchant, you may:
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. In addition, we maintain a SOC 2 Type 2 certification. SOC 2 is an auditing procedure that assesses our ability to securely manage your Personal Data.
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and account registration information and verifying that the Personal Data we maintain about you is accurate and current.11. Can Children Use Our Services?
Our Services are all directed to Merchant and their representatives who are at least 18 years old or older. If you are under the age of 18, do not use our Services. We do not knowingly collect Personal Data from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their Personal Data, please contact us immediately so we can remove it from our system.12. Updates to this Privacy Statement
We revise this Privacy Statement from time to time to reflect changes to our business, Services, or applicable laws. If we are going to use your Personal Data in a manner materially different from that stated at the time of collection or in this Statement, or if the revised version otherwise requires notice in accordance with applicable law, then we will notify you by posting a notice on our Site prior to such use or by other means as required by law. Otherwise, the revised Privacy Statement will be effective as of the published effective date.13. Contact Information
If you have any questions, comments, or concerns about this Privacy Statement, please contact us at firstname.lastname@example.org.
PayPal (Europe) S.à.r.l et Cie S.C.A. has been appointed as Chargehound’s local representative in the EU. It is registered in Luxembourg with registration number B 118349 and can be contacted at 22-24 Boulevard Royal L-2449, Luxembourg.
Residents of Australia may contact the Office of the Australian Information Commissioner (“OAIC”) in relation to the handling of their personal information. You may contact OAIC on: Phone: 1300 363 992; Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001.14. Definitions
Last updated: March 17th, 2021
Effective through July 29th, 2022 for merchants who signed up for Chargehound before June 29th, 2022
Your privacy is important to us.
What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which and the way in which any personal data is processed. Our customers are the Data Controllers.
What is a Data Processor? A “Data Processor” is an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).
What is Data Processing? Data processing is any operation or set of operations performed upon Personal Information (whether automated or not). Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is Personal Information? Personal information is any information which is about you, from which you can be identified. Personal Information includes information such as an individual's name, address, telephone number, or e-mail address. Personal Information also includes information about an individual's activities, such as information about his or her activity on Site or our Services, and demographic information, such as date of birth, gender, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual. Personal Information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed.
How do we collect Personal Information?
In our service as a Data Processor, we collect Personal Information from Data Controllers in 4 ways:
We accept Personal Information from our customers using all of these services for the purpose of managing, generating, and aggregating statistics for the controller, and perform our duties as expected by the Data Controller. We then submit the generated documentation to the Data Controller’s payment processor through the official payment processor integration or to the controller directly.
What information do we collect?
We may collect the following types of Personal Information from you:
We may also collect and aggregate information about the use of our Site and our Services. That information could include information such as your Internet Protocol (IP) address (an IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet), browser type, operating system, the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and other statistics. If you access our Site using a mobile device, we may collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
What do we use your Personal Information for?
We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request.
We will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Policy. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us by sending us an email or by writing to us at the address given at the end of this policy. Additionally, if we offer user account functionality on any of our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. Please be aware that if you opt-out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.
How do we protect your Personal Information?
We implement a variety of security measures to maintain the safety of your Personal Information when you enter, submit, or access your Personal Information. In addition, we are certified as SOC 2 compliant. SOC 2 is an auditing procedure that ensures that we securely manage your Personal Information. Upon becoming aware of a breach of your Personal Information, we will notify you as quickly as we can and will provide timely information relating to the breach as it becomes known or as is reasonably requested by the you.
Who at Chargehound may access your Personal Information?
Designated members of our staff may access Personal Information to help our customers with any questions they have, including help using the product, investigating security issues, or following up on bug fixes with the customer. This activity is logged in our system for compliance, and we maintain different levels of access for its employees depending on their role in our company. For certain payment processors, only the Data Protection Officer has the ability to access additional business metrics from the payment processor (for purposes of investigating potential security breaches and fraud, or otherwise with the permission of the customer).
Do we disclose any information to outside parties?
Except as set out below, we do not sell, trade, or otherwise transfer to outside parties your Personal Information. Non-personally identifiable visitor information, however, may be provided to other parties for marketing, advertising, or other uses.
Customers belong to organizations on Chargehound and may invite other team members. Team members will have access to the organization’s data (including Personal Information) that we process on behalf of the Data Controller. Each customer can designate team administrators who can control who has access to the Personal Information.
We may disclose Personal Information to third-party service providers (for example, payment processing and data storage and processing facilities) that assist us in our work. We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets. This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your Personal Information or as otherwise may be required or permitted by law.
How do we handle global transfers and process of your Personal Information?
Principle of Onward Transfer
In the context of an onward transfer of data to a third party, we have responsibility for the processing of Personal Data we receive and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under applicable law if our agent processes such Personal Data in a manner inconsistent with applicable law, unless we prove that we are not responsible for the event giving rise to the damage.
Retention of your Personal Information
We retain your Personal Information for as long as we need to fulfill our Services. In particular, we need to retain Personal Information in order to help our customer perform their duties in responding and representing fraudulent chargebacks. The Personal Information we hold can be tied to potential fraudulent activity on our customers’ platforms, as well as financial data. As such, we may need to retain that Personal Information for a long period of time, because that Personal Information can be requested or audited by our customers’ risk or finance departments, and for tax audit purposes. In addition:
Children’s Online Privacy Protection Act Compliance
Our Site, products and services are all directed to people who are at least 18 years old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this site. We do not knowingly collect Personal Information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their Personal Information, please contact us and we will delete it.
Other rights you have include the rights to:
Attn: Chargehound.com Privacy Issues
548 Market St, PMB 35891
San Francisco, CA 94104
Please get in contact if you have any questions. We're here to help: email@example.com
Are you a developer? Check out our integration documentation as well as our full API reference.