BlueSnap Privacy Policy v.2.4 Date: 23 March 2022
BlueSnap Respects Your Privacy
Click here for California Privacy Rights
Introduction
This website and related services are owned and operated by BlueSnap a global company providing payment facilitator and payment gateway services, enabling eCommerce, marketing and payment processing, together with various subsidiaries including a European Union subsidiary BlueSnap Payment Services Ireland Limited, a UK subsidiary BlueSnap Payment Services Limited, a Canadian subsidiary BlueSnap Enterprise Canada ULC and an Australian subsidiary BlueSnap Australia Pty Limited. References to BlueSnap in this policy also include these subsidiaries unless otherwise stated. Additional subsidiaries may be added over time and shall be governed by the terms of this policy.
We understand that you care about how your information is used and shared when you enter it on our websites, www.bluesnap.com, or use BlueSnap’s payment services as a merchant or shopper, and this notice describes our privacy policy and practices.
BlueSnap respects each individual’s right to personal privacy. We will collect and use information through our website including registration forms, inquiry forms, product transaction forms, mobile and API services only in the ways disclosed in this statement.
Online payment transactions involve transfer of data across international borders, as well backing up of data at our secured data centers in the UK and USA. This means that data may be transferred, processed and stored outside the EU, the European Economic Area (EEA), UK and Switzerland. By submitting your data directly or through a third party such as a merchant you are agreeing to such transfer, processing and storage.
BlueSnap is also contractually committed with respect to data transfers from the EEA, UK and Switzerland to other countries through the use of contractual provisions including the EU’s approved ‘Standard Contractual Clauses’ and the UK’s Standard Contractual Clauses Addendum (“SCCs”). BlueSnap relies on the SCCs with respect to data transfers from the EEA, Switzerland and UK to the US in both the original and more recent modular formats. BlueSnap is committed to maintaining the principles of transparency, accountability and choice regarding the collection and use of your personal information. BlueSnap Inc., remains certified with the EU-US Privacy Shield Framework for transfers between the UK and US, and the Swiss-US Privacy Shield Framework to the extent that such frameworks are still relevant.
When using BlueSnap’s services, technologies, functions, web site or applications, the terms of this policy will apply.
BlueSnap Services and You
BlueSnap acts as a technology provider supplying secure online and mobile digital payment processing services to businesses known as merchants so that they can sell their goods and services to their shoppers both domestically and worldwide.
The personal information collected by BlueSnap depends on how you are using our services.
Individuals typically interface with BlueSnap in one of the following ways:
Site Visitor: If you are visiting our website for details about our products and services, you may be asked to enter your personal details on an online form to receive more information. Cookies may be used to track site usage to assist in product development or monitor behavior for marketing purposes. Visitors from the EU/EEA and UK may initially be asked to expressly consent to cookie usage.
Merchant: you may be a business customer that has consented to BlueSnap’s terms of service under a merchant or other formal agreement and use BlueSnap to conduct secure online sales. To set up a merchant account you will need to provide personal details, business data and identifying documentation to comply with KYC and AML requirements relating to the payments industry.
Shopper: You may be a business or consumer using BlueSnap’s secure online payment technologies to complete the purchase of goods and services from a merchant that has selected BlueSnap as its payments solution. Your own choice of payment method will usually determine what personal data is passed to BlueSnap to enable your payment transaction to take place. It could be name, address and credit/debit card details, electronic bank transfer information, or pay-wallet credentials if using a service such as PayPal, or tokenized data if using a service such as Apple Pay.
While such secure transactions may be completed in just a few seconds they are often complicated by the fact that live anti-fraud checks need to be conducted. Data also has to be passed to the relevant payment processors; banks, payment card and payment account services may need to be notified; legal tax invoices generated, and transaction confirmations delivered; and this is dictated by the Shopper’s choice of payment method and selected merchant. Often these transactions may be international in nature, involving transfer of data across borders and continents. Some or all of these steps may all involve the transfer and sharing of personal data down a chain of service providers, the storage of transaction records in accordance with regulatory or contractual requirements as well as the use of tracking cookies.
The Information BlueSnap Collects
The types of personal information we may obtain or you may choose to provide include:
- Contact information (such as name, postal address, email address, phone number)
- Business contact information, job function, title, department, name and size of organization
- Username and password
- Payment account data
- Content provided (includes social media submissions – comments, articles, ratings)
- Mobile and device unique identifiers
- Geo-location data
- Business records and identification documents
- IP address, browser type, operating system
- Other information (such as tracking behavior, cookie preferences, language preferences, age, date of birth, gender and family status), time stamps, device details
Some of this information may be collected automatically by using technologies such as cookies and web beacons, when you interact with advertisements, mobile applications, sales pages, website pages and other digital applications. Often shoppers will provide information themselves when interacting with merchants to purchase goods and services.
Use of Information Collected
The information is collected to perform the following functions:
- Process payment transactions (including authorization, clearance, invoicing, tax calculation, currency exchange, shipping, delivery, processing refunds, chargebacks, provision of customer support and dispute resolution processes)
- Generation of invoices, transaction confirmation notices, delivery of licenses, access keys, product download files and associated documentation, subscription accounts, instant notifications relating to transactions, refunds and refund notices, warranty and dispute records, customer profiles, tax payments
- Communicate with you, respond to inquiries and send service notices, issue notices about functions and services you are registered to use including significant developments about the website and/or eCommerce services. (Users cannot normally op-out of this kind of email communication without cancelling the relevant service).
- When BlueSnap acts as payment service provider, merchant and/or reseller for product suppliers, we may need to share relevant customer information with the specific merchant/product supplier involved in the transaction in order for them to fulfill the transaction. Such information is supplied on the condition that it will not be used for spamming or direct marketing by another party. Occasionally such product suppliers may sell, transfer or assign their business to new owners and in such circumstances data records may be accessible to the new owners subject to such parties satisfying the underwriting requirements of BlueSnap and assuming the ongoing responsibility for the proper protection of such data by committing to relevant contractual provisions
- Check applications for use of BlueSnap services, perform account underwriting and KYC reviews, protect against and prevent customer and transaction fraud, unauthorized transactions, claims, manage risk exposure, conduct periodic risk reviews and credit check.
- Evaluate business, product development, improve services, perform marketing activities, run billing, invoicing and account reconciliation functions
Compliance with legislation, regulations, legal requirements and law enforcement measures, orders and subpoenas from judicial and governmental authorities, enforcement and defense of contractual and legal rights and claims, generation of reserves, guarantees and sureties - Perform data analysis and generation of aggregated data reports based on anonymized information for benefit of BlueSnap, Merchants, processing partners, regulators and customers, auditing practices, conducting business intelligence, performance reporting
- Compliance with internal policies, card industry and payment scheme requirements
- Payment Card Industry (PCI) assessment and validation
- Provide you with content, data and advertising tailored to your individual interests, enabling you to access BlueSnap services such as the Merchant or Shopper Control panel, support, chargeback management services
- Consensual storage of shopper payment information for subsequent or recurring transactions
- Track sellers
- Provide information to regulators, Card Associations, investors and professional advisers
BlueSnap may also use information in other ways for which we provide specific notice of at the time of collection.
Site Visitor: As a guest we may set tracking and behavioral cookies when accessing BlueSnap site and landing pages. These may include IP, device, technical usage, time, language and geolocation data. If you decide to request more information, sign up for newsletters, set up a sales call or use support facilities you may be asked to provide name and contact details.
Shopper: To process payment and delivery of products and services BlueSnap receives your transaction information – this may include name, ID info, address, email, phone number, delivery details, card/bank/pay wallet data, currency, transaction amount, gender, gift recipients, donations, IP, technical usage, language, geolocation and relevant affiliate tracking details. Support and post purchase services, refund and chargeback processes may require the use of similar information. You might have access to a shopper account generated by your merchant seller that is powered by or accessed through BlueSnap, to review purchases and set preferences for instance related to subscription and recurring charge transactions and payment card details.
Merchants: Business-related information is collected including corporate structure, tax numbers, beneficial interests, beneficiaries, ID info, social security numbers, name, address, email, phone, banking details, references, financial information, locations, nationality, web site ownership, signatory information, staff access, PCI records, technical details, IP, verification and data relating to PCI/ KYC/AML/Transaction fraud checks, affiliate referral tracking details.
International Entities
BlueSnap’s services enable merchants to sell to shoppers across the world. This sometimes requires BlueSnap to provide services through specific legal entities. BlueSnap Inc., is based in the USA, and its affiliate BlueSnap Payment Services Ireland Ltd., is a regulated payments institution based in Ireland offering payment services across the EU/EEA. BlueSnap Payment Services Ltd. is a regulated UK payments institution offering payment services to merchants in the UK. BlueSnap Enterprise Canada ULC offers payment services to Canadian merchants. BlueSnap Australia Pty Limited offers payment services to Australian merchants. Additional BlueSnap entities may be added and shall automatically be covered by this Privacy Policy.
How and Where Information Is Stored
BlueSnap maintains administrative, technical and physical safeguards designed to protect the personal information provided or collected against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or misuse. Data is also routinely backed up at secure locations in the UK and the US in accordance with standard industry practice. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. Payment information is secured and protected in accordance with the Level 1 standards of the PCI-DSS, the definitive security certification of the payment card industry. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any further questions about privacy or security, or have reason to believe your data security has been compromised please contact us immediately by sending an email to: Security@bluesnap.com.
The international nature of BlueSnap’s services means that personal data may be transferred beyond your national borders when you use BlueSnap’s services or purchase from or sell to persons or entities outside your country. By using such services you are deemed to understand and accept that data may be subject to such cross-border transfers.
How long data is retained
BlueSnap stores personal information for as long as necessary to fulfill the purpose for which the personal information was collected and as required or authorized by law. We take measures to delete or permanently de-identify personal information as required by law or if no longer required for the purpose for which it was collected. Certain data relating to transaction records particularly billing and invoice information may be required to be safeguarded for significant periods of time in accordance with standard tax and accounting law and practices, or to enable refund and chargeback requests to be processed on behalf of shoppers.
Sharing of Personal Information
BlueSnap does not sell or otherwise disclose personal information we collect about you except as disclosed in this Privacy Policy or as may be disclosed to you at the time information is collected.
BlueSnap may share personal information collected with its subsidiaries and other BlueSnap entities that process payment transactions as well as relevant merchants, fraud prevention services, card and payment services, and payment processors/acquirers.
BlueSnap may share certain information with service providers who provide or perform services on behalf of BlueSnap. We authorize such services providers to use or disclose such information only as necessary to perform services on our behalf or to comply with legal requirements. Such entities are required by contract and/or law to safeguard the privacy and security of personal information processed on our behalf. We may also share personal information with other parties with your express consent.
Personal data used with respect to payment transactions involving individuals of the EU/EEA and UK often needs to be passed to other parties as part of the transaction process. Transfers of data may be through APIs, email, and other formats, and may be bi-directional. BlueSnap takes steps to ensure that such parties are committed to compliance with applicable data law including the GDPR and that any additional Data Processors or Sub-Processors used are retained under a contractual duty of compliance and are able to respond to data subject access requests. In certain situations, BlueSnap and its subsidiaries might be deemed to be acting on the instruction of other transaction services or together with such parties, in which case BlueSnap shall itself be obligated to act in a manner compliant with applicable data law.
Certain Merchants might use checkout and other systems as part of the payment transaction process that might be integrated with BlueSnap. Accordingly personal information that you provide to such services either directly or through your selected Merchant might be passed to BlueSnap. BlueSnap treats such personal information in accordance with this Privacy Policy, however other entities might have their own policies and these should be thoroughly checked by you.
BlueSnap may use third-party service providers, for example to provide you with support when using our site and including the use of live chat software. When you sign up for our services we will share your personal information only as necessary for the third party to provide that service. Personal information collected relating to marketing and Merchant underwriting functions may be stored and processed on secure compliant cloud-based services provided by third parties to BlueSnap. Such service providers are contractually required by BlueSnap to act in compliance with relevant data law.
Merger, sale and/or transfer of corporate assets or reorganization
BlueSnap may transfer information as part of any corporate merger, sale, acquisition, transfer or assets or reorganization without notice. Such transfer will be on the basis of the continuation of all privacy rights set out in this document. You will be notified via email and/or a prominent notice on our website of any change in BlueSnap ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Compliance with court orders & law enforcement agencies
BlueSnap may be required to disclose personal information without notification in response to a lawful request by public authorities, including to meet national security requirements, or in order to comply with a legal requirement, legislation, regulation, court order or subpoena, or when we believe in good faith that disclosure is necessary to protect our rights, prevent harm of financial loss, protect your safety or the safety of others or investigate fraud or cooperate with law enforcement or government agencies, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
EU/EEA Data Privacy Law
With respect to data protection legislation in the European Economic Area, UK and Switzerland including the GDPR, BlueSnap acts as ‘Data Processor’ concerning shopper information of EU/EEA/UK/Swiss-based persons that is transmitted to BlueSnap either through a merchant or directly in order to process a purchase transaction.