Please read this carefully
Last updated: July 23rd, 2018
Your privacy is important to us.
What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which and the way in which any personal data is processed. Our customers are the Data Controllers.
What is a Data Processor? A “Data Processor” is an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).
What is Data Processing? Data processing is any operation or set of operations performed upon Personal Information (whether automated or not). Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is Personal Information? Personal information is any information which is about you, from which you can be identified. Personal Information includes information such as an individual's name, address, telephone number, or e-mail address. Personal Information also includes information about an individual's activities, such as information about his or her activity on Site or our Services, and demographic information, such as date of birth, gender, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual. Personal Information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed.
How do we collect Personal Information?
In our service as a Data Processor, we collect Personal Information from Data Controllers in 4 ways:
We accept Personal Information from our customers using all of these services for the purpose of managing, generating, and aggregating statistics for the controller, and perform our duties as expected by the Data Controller. We then submit the generated documentation to the Data Controller’s payment processor through the official payment processor integration or to the controller directly.
What information do we collect?
We may collect the following types of Personal Information from you:
We may also collect and aggregate information about the use of our Site and our Services. That information could include information such as your Internet Protocol (IP) address (an IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet), browser type, operating system, the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and other statistics. If you access our Site using a mobile device, we may collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
What do we use your Personal Information for?
We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request.
We will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Policy. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us by sending us an email or by writing to us at the address given at the end of this policy. Additionally, if we offer user account functionality on any of our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. Please be aware that if you opt-out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.
How do we protect your Personal Information?
We implement a variety of security measures to maintain the safety of your Personal Information when you enter, submit, or access your Personal Information. In addition, we are certified as SOC 2 compliant. SOC 2 is an auditing procedure that ensures that we securely manage your Personal Information. Upon becoming aware of a breach of your Personal Information, we will notify you as quickly as we can and will provide timely information relating to the breach as it becomes known or as is reasonably requested by the you.
Who at Chargehound may access your Personal Information?
Designated members of our staff may access Personal Information to help our customers with any questions they have, including help using the product, investigating security issues, or following up on bug fixes with the customer. This activity is logged in our system for compliance, and we maintain different levels of access for its employees depending on their role in our company. For certain payment processors, only the Data Protection Officer has the ability to access additional business metrics from the payment processor (for purposes of investigating potential security breaches and fraud, or otherwise with the permission of the customer).
Do we disclose any information to outside parties?
Except as set out below, we do not sell, trade, or otherwise transfer to outside parties your Personal Information. Non-personally identifiable visitor information, however, may be provided to other parties for marketing, advertising, or other uses.
Customers belong to organizations on Chargehound and may invite other team members. Team members will have access to the organization’s data (including Personal Information) that we process on behalf of the Data Controller. Each customer can designate team administrators who can control who has access to the Personal Information.
We may disclose Personal Information to third-party service providers (for example, payment processing and data storage and processing facilities) that assist us in our work. We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets. This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your Personal Information or as otherwise may be required or permitted by law.
How do we handle global transfers and process of your Personal Information?
Principle of Onward Transfer
In the context of an onward transfer of data to a third party, a Privacy Shield organization has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. We shall remain liable under the Principles if its agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Retention of your Personal Information
We retain your Personal Information for as long as we need to fulfill our Services. In particular, we need to retain Personal Information in order to help our customer perform their duties in responding and representing fraudulent chargebacks. The Personal Information we hold can be tied to potential fraudulent activity on our customers’ platforms, as well as financial data. As such, we may need to retain that Personal Information for a long period of time, because that Personal Information can be requested or audited by our customers’ risk or finance departments, and for tax audit purposes. In addition:
Children’s Online Privacy Protection Act Compliance
Our Site, products and services are all directed to people who are at least 18 years old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this site. We do not knowingly collect Personal Information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their Personal Information, please contact us and we will delete it.
Other rights you have include the rights to:
In compliance with the Privacy Shield Principles, we are committed to resolving any complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Privacy Officer as follows: Backspaces Inc., Attn: Chargehound.com Privacy Issues, 1212 Broadway, Suite 1700, Oakland, CA 94612; or privacy@Chargehound.com. If we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to JAMS, which provides an independent third-party dispute resolution service based in the United States. JAMS has committed to respond to complaints and to provide appropriate recourse at no cost to you. To learn more about JAMS's dispute resolution services or to refer a complaint to JAMS, visit here. If neither we nor JAMS resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, visit here.
Attn: Chargehound.com Privacy Issues
1212 Broadway, Suite 1700
Oakland, CA 94612