Last Updated 9 December 2020
2. Information Collection and Use
What information do we collect?
We collect information in several ways: (i) when you send us an e-mail or communicate via any other electronic means we will store the address and the conversation history; (ii) when you register via our Website we will collect and store certain personal data that may include your address, phone numbers, credit card numbers, IP address, location, information about your computer or device and other standard web log information; (iii) when a customer uses a checkout process on a merchant’s website that is integrated to PCIVault.io, we will gather and may store payment card data, billing details and other personal data required to process the transaction.
We refer to the information we collect generally as “personal information”, which includes any information that can be used to identify an individual, or any anonymous information that is linked to a specific individual. Any information that is aggregated or becomes anonymous such that it cannot be reasonably associated with an individual shall not be considered personal information.
The types of personal information we collect and our use of that personal information will depend on whether you are a website user, merchant or end customer.
When you browse our Website, you will not be required to provide any personal information. We may, however, gather non-personally-identifiable information solely for the purposes of monitoring our Website and the services that we offer through it. We will not share this information with third parties or use it to target any advertisements to you.
When you visit our Website we offer you the opportunity to sign up for a free test account that gives you the ability to integrate to our API and run test transactions in our sandbox environment before you commit to purchasing a paid subscription plan. As part of this process, we may collect your IP address, information about your computer, and other standard web log information. We will also collect your email address and other personal information that we may use to update you about your account with PCIVault.io and our service generally.
When you sign up for a paid production account, in addition to the information above, we require you to provide a valid credit card and contact email. We will only use this information to ensure that your PCIVault.io account remains in good standing until you elect to terminate your subscription.
Once you begin using the PCIVault.io service for production transactions, we will keep records of your transactions and collect information of your other activities related to our service.
When a merchant using PCIVault.io’s service collects payment information from you, they will collect personal information from you and pass it to us. This personal information includes your payment card or bank account information, and may include your email address, phone number, and billing and shipping address. When you use a merchant’s website to store your payment card details for future use, we will use the personal information you provide to the merchant to store those card details.
We may collect information about your computer (including your IP address), operating system and browser type, for system administration purposes.
We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website, deliver a better and more personalized service, look for possible fraudulent activity, and better understand the sources of traffic to our Website.
Children’s Online Privacy Protection Act
Our Website and the services we offer are directed to the general public, but are not directed at persons under the age of 13. We do not knowingly collect information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Website or using our services. If we do learn that we have inadvertently collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any information from a child under 13 years of age, please contact us.
What do we do with your information?
PCIVault.io uses the information we collect for general purposes including product and service provisioning, billing, identification and authentication, service improvement, contact, and research.
We may occasionally email you with information about new services. You may opt out of these emails by clicking on the unsubscribe link contained in such communications or by replying with unsubscribe in the subject line. Please note that you will continue to receive communications about your PCIVault.io account including billing invoices and usage notifications.
3. Sharing and Disclosure of Information
We are not allowed to disclose personal information without your written permission and will never sell or rent your personal information to marketers.
We will only disclose personal information in response to a request if we believe in good faith that it is necessary to comply with any applicable law or legal requirement. We will use reasonable efforts to provide you prompt notice prior to such disclosure so that you can contest the requirement if you choose unless we determine in good faith that: (i) we are not permitted to provide you such notice under any applicable law; or (ii) giving such notice would result in an imminent risk of death, serious injury or significant property loss or damage to PCIVault.io or a third party.
4. Data Retention
Personal information we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes.
PCIVault.io owns the data storage, databases and all rights to the PCIVault.io application, but we make no claim to the rights of your data. You retain all rights to your data and we will never contact your clients directly, or use your data for our own business advantage or to compete with you or market to your clients.
To offer our service we are required to retain certain data you provide us to ensure transactions are processed correctly, to identify fraudulent activity, and to comply with applicable laws and regulations. Accordingly, even if you close your PCIVault.io account and we export your data to a third party, we will retain certain information as necessary to meet these obligations.
5. Credit Card Transactional Data
PCIVault.io sits in a unique position, seeing credit card transactional data from a wide range of global credit cards running across a diverse set of financial payment providers. In an attempt to help improve the performance of payment networks, PCIVault.io may aggregate credit card transactional information and may sell that aggregated data to interested third parties.
“Interested third parties” are customers of our data as a service (DaaS) offering. They are typically focused on comparing their experience of credit card transaction service (specifically, success and decline rates and gateway latency) to the industry overall, with an eye to reducing decline rates and thus improving the payment experience for all involved. By “aggregated data” we mean data collected at the gateway level across all merchants transacting through that gateway.
We DO NOT collect or share any personal identifying information of any individual (such as name, address, credit card or social security number, or other identifiers), any data concerning any PCIVault.io merchant customer, or any type of Stock Keeping Unit identification code or other information that indicates what product or service was purchased.
6. Security and Protection of Information
The security of your personal information is important to us. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Secure Sockets Layer (SSL) encryption technology. We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. PCIVault.io’s systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.
You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Website or our service and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer and systems.
PCIVault.io provides some or all of its service from systems located outside of Europe. Accordingly, any European merchants and/or merchants collecting information from European persons by using PCIVault.io’s service must disclose to their customers that personally identifiable information may be transferred, processed and stored outside of Europe.
PCIVault.io maintains strict administrative, technical, and physical procedures to protect information stored in our servers, which are located in the United States, and access to personal information is limited to only those employees who require it to perform their job functions.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Website, you should get in touch.
7. EU-U.S. and Swiss-U.S. Privacy Shield Policy
In cases of onward transfers to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, PCIVault.io Inc. is potentially liable, unless PCIVault.io proves that it is not responsible for the event giving rise to the damage.
Inquiries & Complaints
We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using JAMS as a third party resolution provider. For more information on filing a complaint with JAMS, please visit: https://www.jamsadr.com/eu-us-privacy-shield. If your complaint is not resolved through the above channel, in certain limited circumstances you may qualify to invoke binding arbitration before the ‘Privacy Shield Panel’ set up by the US Department of Commerce and the European Commission.
We reserve the right to modify this privacy statement at any time, so please review it occasionally to ensure you’re still in agreement with its provisions. If we make material changes to this policy, we will notify you here or by means of a notice on our Website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy.
9. Questions; Access, Corrections and Complaints
PCIVault.io is a vendor-neutral, PCI DSS compliant environment provided by SnapBill, Inc. It is a SaaS solution offering Tokenisation as a Service (TaaS) combined with its own Entropy as a Service (EaaS) engine for lightning-quick, enterprise-grade encryption.