Last Modified: JULY 27, 2018
Collection and Use of Personal Information
We collect information, including personal information from you when you set up a paid account, a registered free account, or a free demo account with PAYEFX, when you register or download our Mobile App(s), or when you provide your information to us directly through our Direct Payment Services. For purposes of this policy, “personal information” refers to any information about an identified or identifiable individual , including financial account information and Protected Health Information (PHI/ePHI).. “Merchants” refers to the registered Users of the PAYEFX Services on whose behalf PAYEFX processes payments and collects certain consumer information.
We collect personal information from and about Merchants through our Services, and we collect personal information from and about consumers and other individuals who make purchases from these Merchants. that use our Direct Payment Services for payment processing and customer management“Customers”).
Personal Information about consumers may be provided to us by a Merchant’s authorized Users of our Services, or directly by the consumers themselves. By providing information to us through a Direct Payment Service that is part of a Merchant’s instance of our services, consumers consent to our collection of such information and our sharing of that information with the Merchant as set forth in this policy. In cases where authorized Merchant Users enter a consumer’s Personal Information into our systems, they certify that they have received any required authorization to do so from the consumer, and that the disclosure does not violate the PCI DSS, HIPAA, or any other law or regulation.
We generally collect and use information as follows:
From Merchants with a Free Account or Demo Account
The Sites and/or Mobile App may require you to give us contact information (name, business name, phone number, e-mail address, and business industry) in order to obtain a registered free account or a free demo account. We use this information, and any personal information for your own customers (consumers) that you enter into our Service, to configure your account for sending invoices to your customers, and other uses and activities relating to our provision of the Service. We may also use this information to communicate with you about your free account usage, to provide account-specific technical support, and to provide information to you about additional PAYEFX products and services that we believe may be of interest to you.
We may also use your personal information to send you promotional products and information about PAYEFX, the Sites or our Mobile App and/or on behalf of trusted third-parties, subsidiaries and affiliates. We may also create anonymous records from personal information by excluding information (such as your name) that makes the information personally identifiable to you or one of your customers. We may use this anonymous information for certain business purposes of PAYEFX or its subsidiaries or affiliates, including but not limited to, directing future development efforts, analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information.
From Merchants with a PAYEFX Paid Account
To obtain a PAYEFX Paid Account, you must provide contact information (name, address, phone number, and e-mail address) in addition to other personal information, including but not limited to, your social security number (we may use the last 4 digits provided to obtain and store the full social security number), driver’s license state and number, Employer Identification Number (Tax ID), and billing information. When you download and use our Mobile App we may also collect certain information automatically, such as the type of mobile device you use, your unique device ID, the IP address of your mobile device, your mobile phone number, your mobile operating system, the type of mobile internet browsers you use, and information about the way you use the Mobile App. If you provide permission while installing the Mobile App we also collect precise information about the location of your device. You may also enter personal information for your own customers as part of using the PAYEFX service. You represent and warrant that you have the right to provide PAYEFX with any information, content, data, or materials provided by you, and that the disclosure does not violate the PCI DSS, HIPAA, or any other law or regulation.
We use your personal information to verify your identity, perform a credit check (if we obtain any necessary consents), and send you messages about your transactions or our company. We use billing and financial information (bank account numbers/credit card numbers) to facilitate payments through the PAYEFX system and collect fees if applicable. We use geolocation information from your mobile device to provide requested location services.
We may use your personal information to send you promotional products and information about PAYEFX, the Sites or a Mobile App and/or on behalf of our partner companies, subsidiaries and affiliates. We may also create anonymous records from personal information by excluding information (such as your name) that makes the information personally identifiable to you or one of your customers. We may use this anonymous information to direct future development, including but not limited to analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information.
From Consumers using our Direct Payment Services
Any Personal Information we collect about a consumer or other individual, whether entered directly into our systems by the consumer, or entered by an authorized Merchant User is used solely for the purpose of providing our Services or as otherwise set forth herein.
PAYEFX processes payments for and collects information from Merchants’ customers through our Direct Payment Services. When you use our Direct Payment Services to process a payment or make a purchase from a Merchant, we may collect information necessary to process that transaction, including your name, address, zip/postal code, credit card or financial account number, IP address, and any other information necessary to process or authenticate the transaction. In some cases the combination of data we collect, may be classified as Protected Health Information (PHI/ePHI). Furthermore, we may collect information about you and your purchase, as well as any personal information or demographic data that you provide at the time of purchase, including (without limitation) your email address, contact information, and other information related to the products/services purchased.
Additionally, to make our Sites more useful to you, and to adhere to the PCI DSS, HIPAA, and other applicable laws and regulations our servers (which may be hosted by a third party service provider) collect personal information and other data from you, including (without limitation) browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. Like most internet services, we automatically gather this information and store it in log files each time you visit our website or access your account on our network.
We may also create anonymous records from Personal Information by excluding information (such as name) that makes the information personally identifiable to a specific consumer or other individual. We may use this anonymous information for certain business purposes of PAYEFX or its subsidiaries or affiliates, including but not limited to, directing future development efforts, analyzing usage patterns so that we may enhance our services, and providing reports based on anonymous non-personal information. We may also use anonymized PHI/ePHI as authorized by HIPAA.
Cookies and Similar Technologies
Certain portions of our Services may collect information via cookies, web beacons, pixel tags, and similar digital tracking technologies. These technologies can be used to collect and analyze other information related to the devices you use to access the Services, such as IP addresses, browser types, browser language, unique device identifiers and other information about your computer(s) and/or mobile device(s).
We may also use these technologies to log click-stream or similar data collected from certain portions of our Sites. Generally, this information is collected when you request pages from our Sites, and typically includes information such as the page served, the time, the source and type of browser making the request, the most recent page view, what you clicked on in order to arrive at our Sites, the content you viewed on our Sites, and other similar information relating to your use of our Sites.
We typically use these cookies and similar technologies for essential and functional purposes (e.g. to maintain an active session), to improve the performance and usability of our Sites, and to analyze how users interact with the Services (e.g. to understand how long users stay on a page, how often they return, and how they arrived at our Site). On certain portions of our Sites and Mobile App, we may collect data through these technologies for advertising, re-marketing, or other similar purposes. Click-stream and related data is typically used for purposes of system administration, to improve our Services, for marketing and advertising-related purposes, and other similar uses.
When you contact us through the Services
When you submit an online "contact us" or other online inquiry form, create a registered free account, create a free demo account, download a Mobile App, or when you call, write, fax or otherwise initiate contact with PAYEFX, we record your contact information (name, address, phone number, and email address) in our CRM (Customer Relationship Management) system. This information is used for answering your questions as well as ongoing marketing communication programs. In some cases, you may be referred to a PAYEFX online inquiry form via a link on a third party referral website. In that case, any information collected on the PAYEFX hosted online inquiry form may be shared with the referring party, and that referring party may use it for their own, non-PAYEFX related, marketing communication programs. If you exchange any messages through our Sites or through our Services, we may store those as well.
YOU CONSENT TO RECEIVE AUTODIALED CALLS FROM OR ON BEHALF OF PAYEFX AT ANY NUMBER PROVIDED TO PAYEFX, WHETHER SUCH NUMBER IS DIRECTED AT A RESIDENCE, A BUSINESS, A WIRELESS TELEPHONE, OR OTHERWISE. YOU UNDERSTAND THAT THIS CONSENT IS NOT A CONDITION OF PURCHASING THE PRODUCTS AND SERVICES OFFERED BY PAYEFX.
From Online Surveys
We may occasionally ask Merchants to complete optional online surveys. These surveys may ask a Merchant for contact information and demographic information (like zip code, age or income level). We may use this data to tailor the Merchant’s experience on the Sites and/or Mobile App, providing content that we think you might be of interest, and to display content according to the Merchant’s stated preferences. We sometimes use contact data from our surveys to send a Merchant information about our company and/or promotional material on behalf of our partners, subsidiaries or affiliates. We never use personal information about a Merchant’s customers collected via surveys to contact those customers directly.
How we Share Information with Third Parties
If you make a purchase from a Merchant using our Direct Payment Services, we may grant access to or share with the Merchant any and all information we collect as part of that transaction, including credit card and other financial account information and Protected Health Information (PHI/ePHI), except where that disclosure is prohibited by law, regulation or other obligations (e.g. for data security).
Finally, in extraordinary circumstances, we may share any personal or other information we possess, including but not limited to credit card and other financial account information and Protected Health Information (PHI/ePHI) when necessary or appropriate to: comply with the law; cooperate with law enforcement or national security requirements; respond to lawful requests; comply with law or credit card rules; participate in a lawful federal, state or local government investigation; protect the rights of PAYEFX, other PAYEFX Merchants or customers, and third parties; or to investigate violations of or to enforce our Terms of Service, Buyer Terms or Acceptable Use Policy. However, in doing so, we may: (i) dispute demands for release to the extent we believe, in our sole discretion, are unwarranted, illegitimate or overbroad; and (ii) when we determine that it is necessary or appropriate, we will notify you of any requests for release.
In all cases where we share Personal Information with third parties, we will use a "minimum necessary" standard to disclose only that information required to perform the service for which the information is disclose.
Data Retention Policy, Managing Your Information
We will retain personal information for as long as you remain an active PAYEFX Paid Account Holder, Mobile App user, and/or PAYEFX Free Account User, and for a reasonable time thereafter.
We may store on behalf of Merchants, for as long as a valid business reason exists, which may be indefinitely, any Personal Information, including but not limited to credit card and other financial account information and Protected Health Information (PHI/ePHI), collected about a consumer or other individual, whether entered directly into our systems by the consumer, or entered by an authorized Merchant User.
We may retain anonymized and aggregate data indefinitely.
Upon termination of a contract with a Covered Entity, we will remove any ePHI stored in our systems on behalf of that Covered Entity where required by applicable law or the Business Associate Agreement with the Covered Entity; any PHI that we continue to maintain, will be stored and protected per the terms of our Business Associate Agreement with the Covered Entity.
PAYEFX has security measures in place designed to protect against the loss, misuse and alteration of the information under our control, as described in our Security Page.
You may opt-out of receiving marketing communications from us by following the opt-out instructions we include in such communications.
You may opt-out of all of our information collection from your mobile device by uninstalling the Mobile App. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
To the extent required by law, you may choose to opt out of sharing with any other parties with whom we may share your personal information; however, you may be unable to use the Services or certain features if you wish to limit such sharing.
Accessing, Correcting and Deleting your Information
PAYEFX acknowledges the right of individuals to access their personal data. If you are a Merchant, you may access and modify your personal and other account information using your account settings page. You may also access, change and modify information previously provided or collected by sending an email to PAYEFX at privacy@PAYEFX.com to initiate changes or modifications or to obtain a file for review. Note that PAYEFX will require you to verify your identity prior to releasing any personal information.You may close your PAYEFX account by contacting PAYEFX Customer Care at 1-800-604-4886 or
Further, you may request that your personal information be removed from all PAYEFX systems. This request must be made in writing to the address provided below. Note that if you request removal of your personal information you will no longer have access to any existing PAYEFX account and will not be able to use any PAYEFX product or service. PAYEFX reserves the right to retain certain account information for its record-keeping or compliance purposes.
If you are a patient, customer, or otherwise do business with a Covered Entity that utilizes PAYEFX systems as part of providing service to you, you can request that the Covered Entity provide you with access to the Personal Health Information (PHI/ePHI) stored in PAYEFX systems on its behalf, that it make changes to that ePHI, and/or that the ePHI be deleted from PAYEFX systems.
Note that using the system delete function to remove any data related to your customer (such deleting a Customer Record or deleting a credit card or bank account from a Customer Record), or to remove any personal data about your company or its authorized Users (such as deleting a Staff profile), only restricts viewing that data from any system interface and prevents utilizing that data for any system function. It does not permanently delete the data from PAYEFX systems. To have any personal data permanently deleted from PAYEFX systems, you must make an official request in writing, to the address provided below or by emailing privacy@PAYEFX.com, that includes the specific information that you would like permanently deleted from PAYEFX systems. Note that PAYEFX will require you to verify your identity prior to executing any request to permanently delete data.
California residents may request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. You may make one request each year by contacting us as set forth below.
A Note About Children
We do not intentionally gather information about visitors who are under the age of 18. If you are under the age of 18 you should not use our Sites or Service.
With respect to EU Personal Data (as defined in our Terms of Service and Buyer Terms), PAYEFX (i) processes Personal Information provided as part of a Merchant account and related registration information and Customers’ Personal Information and payment information provided in connection with a payment processed by PAYEFX as necessary to complete a contract or transaction requested by the data subject, and for the legitimate interests of PAYEFX and its Merchants, specifically in relation to fraud prevention, identity theft protection, and other security measures, and for internal/administrative purposes; (ii) may process Personal Information for the legitimate interests of PAYEFX (with respect to Merchants’ EU Personal Data) or the Merchant (with respect to Customers’ EU Personal Data) relating to direct marketing; and (iii) processes Personal Information from automatic website collection (e.g. IP addresses), cookies and similar tracking technologies in accordance with data subjects’ consent, except in the case of essential and functional cookies or and IP addresses which are processed for PAYEFX’s legitimate interests in analyzing, improving and administering the Service, e.g. by delivering a web page or analyzing aggregate web traffic to our Service.
EU-U.S. Privacy Shield
PAYEFX complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. PAYEFX has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU citizens’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU citizens’ data to the extent required by law.
4275 Executive Square, Suite 200
La Jolla, CA 92037