US PRIVACY POLICY FOR SERVICES

LAST UPDATE:  May___,  2023

VoPay International Inc. (“VoPay”, “we”, or “us”) respects your privacy and is committed to protecting the personal information you may provide to us while using or accessing our payment services offered in the US (“Services”). 

The purpose of this privacy policy is to inform you about our privacy practices, including how we collect, use and disclose your personal information. This privacy policy relates to the provision of our Services and all related activities (the “Policy”). 

Please review the Policy carefully.  By submitting your personal information to us via the Services, by using our Services, or by voluntarily interacting with us via the Services, you consent to our collecting, using and disclosing your personal information as set out in this Policy, as revised from time to time.

Your continued use of our Services following the posting of any amendment to this Policy and, as applicable following the dissemination of a notice to inform you of those changes, shall constitute your acceptance of such amendment. 

Below are some terms that will help you navigate this Privacy Policy:

WHAT IS IN THIS PRIVACY POLICY?

• Your Consent to Collection, Use and Disclosure
• Personal Information We Collect
• Aggregated and Anonymized Information We Collect 
• How We Use Your Personal Information
• How We Share Your Personal Information
• Retention of Personal Information
• Third Party Websites and Services
• Accessing and Updating Your Personal Information
• Opting Out of Communications
• Children’s Information
• Newsletters
• Privacy Policy Updates
• Contact Us

An Important Note: This Privacy Policy does not apply to any of the personal information that our Business Users may collect and process using Vopay’s Services (“Customer Data”). Our Business Users’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data on behalf of our Business Users is governed by the contracts that we have in place with our Business Users, not this Privacy Policy. Business Users are responsible for making sure that their End Users’ privacy rights are respected. If you are an End User, please refer to the privacy policy of the Business User you choose to do business with for information regarding their privacy practices and please direct any questions or requests relating to Customer Data to our Business Users.

1. YOUR CONSENT TO COLLECTION, USE, AND DISCLOSURE

Methods

• Where appropriate, we collect, use and disclose your personal information with your consent, or as permitted or required by law.
• How we obtain your consent (i.e., the form we use) will depend on the circumstances, as well as the sensitivity of the information collected.
• Subject to applicable laws, your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information in question.
• If you choose to provide us with your personal information after reviewing this Policy, we will assume that you consent to the collection, use and disclosure of your personal information. However, we will require your consent when necessary as required by applicable privacy laws.

Purposes

• Where we want to use your personal information for a purpose not previously identified to you at the time of collection, we will seek your consent prior to our use of such information

Withdrawing Consent

• To provide you with access to our Services, we may collect personal information. Without such information, we may not be able to provide our Services. 
• You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us using the contact information in the “Contact Us” section below.  However, note that:
  • withdrawal of your consent may prevent us from providing our Services to you, in whole or in part, or prevent those from functioning as intended;
  • before we implement the withdrawal of consent, we may require proof of your identity; and
  • even if you withdraw your consent, we may keep using, disclosing or retaining some of your personal information to the extent required by applicable law.

Consent and Other Individuals

• If you provide personal information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect from you, use and disclose their information as described in this Policy. By providing personal information about another individual to us, you represent and warrant that you have obtained their prior consent to our collection of his/her personal information from a third party and made them aware of this Policy. 

2. PERSONAL INFORMATION WE COLLECT

What Information We Collect

The information we may collect about you varies depending on the nature of our relationship with you and depends on whether you are a Business User, End User, or Representative. Generally, in connection with providing the Services, the personal information we collect falls into the following categories (not all of which may apply to you).

1. Business Users

As outlined above, VoPay provides Services Business Users who directly and indirectly provide us with information about their business, Representatives, and End Users. In conjunction with providing those Services, we may collect the following information.

• Business User Account Information: We collect information from Business Users when they create an account, or subsidiary accounts, request customer support, leave feedback, or otherwise communicate with us. The types of information we may collect include, name, email address, role at the organization, log-in credentials, and other identity authentication data, date of birth, and any other information they choose to provide. 
• Representative and Know Your Client Information: As part of the onboarding process for Business Users, we collect information about Representatives of Business Users for purposes of identity verification. This includes a Representative’s name, age, contact information, government identification documentation, role at the entity, including whether they are a registered or beneficial owner, shareholder, officer, director, authorized signatory.  
• Financial Information: We collect information from users in order to facilitate payments. This includes payment methods (name, credit card number, CVC), transaction data (which may include information about the purchase amount, date, location, and purchased items), and bank account information.  
• Log and Usage Data: To the extent permitted under applicable law, we may collect log and usage data relating to a user’s use of the Services such as a user’s device information and information about a user’s activities using the Services.

2. End Users

In conjunction with Services provided to Business Users, we process Personal Information in accordance with our agreements and lawful instructions. We may collect the following categories of personal information about End Users from our Business Users in conjunction with providing the Services.

• Transaction Data: If you are an End User that makes or receives payments or funds from a Business User, we will receive transaction data.  This may include name, email address, billing address, shipping address, payment method information (such as credit or debit card number, bank account information), merchant and location, purchase amount, date of purchase, and in some cases, some information about what you have purchased and your phone number and past purchases. 

• Financial and Identification Information: We may collect information from banking and accounting software in conjunction with providing Services to Business Users, including client verification services. In connection with this, we may collect government identification, account information and historical transaction data. 

Business Users are responsible for making sure that their End User’s privacy rights are respected If you are an End User, please refer to the privacy policy or notice of the Business User you choose to do business with for information regarding their privacy practices, choices and controls.

3. Client Account Users

In conjunction with Services provided to Business Users, including maintaining and supporting Client Account Users, we may collect the following information:

• Client User Account Information: We collect information from Client Account Users when they create an account, request customer support, leave feedback, or otherwise communicate with us. The types of information we may collect include, name, email address, role at the organization, log-in credentials, and other identity authentication data, date of birth, and any other information they choose to provide. 
• Transaction Data: If you are a Client Account User that makes or receives payments, we will receive transaction data.  This may include name, email address, billing address, shipping address, payment method information (such as credit or debit card number, bank account information), merchant and location, purchase amount, date of purchase, and in some cases, some information about what you have purchased and your phone number and past purchases. 
• Log and Usage Data: To the extent permitted under applicable law, we may collect log and usage data relating to a user’s use of the Services such as a user’s device information and information about a user’s activities using the Services.

D. Other Interactions

• For individuals who otherwise interact with us, whether in person, on the website, by phone or email, through social media, messaging and chat features, forums, blogs, or otherwise, including individuals who request information about our products or services, or who enter a contest or respond to surveys and questionnaires, we may collect information they provide to us during these interactions. This information may include name, e-mail address and other contact information.
• If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted, you agree that we may collect your voiceprints when you chose to join our recorded virtual meetings and/or calls in order to [reason for collecting biometric info]. Any collection of biometric information is handled by third-party service providers, such as Zoominfo. VoPay does not directly collect or store any biometric information through our Services, but we may receive information associated with your biometric information. For more information about Zoominfo’s collection, processing and retention of biometric information, please visit Zoominfo’s Biometric Privacy Notice. You may withdraw your consent and ask for your Biometric Data (as defined in the Zoominfo Biometric Privacy Notice to be deleted by sending a request to [email protected].

3. AGGREGATED AND ANONYMIZED INFORMATION WE COLLECT 

General, aggregated, demographic, and non-personal information may be collected by us through our Services, but any such information will not be linked to any of your personal information. This type of anonymous, aggregated profiling and session data may include information that you have provided to us through surveys, polls, etc., and may also include aggregated anonymous information about our Services’ usage and the customer base.  

We will take reasonable measures to ensure the aggregated/anonymized information cannot be associated with an individual, we will maintain and use such information only in an aggregated/anonymized form, and we will not attempt to reidentify such information except as permitted by law. We may disclose aggregated information about you, and information that does not identify any individual, without restriction.

4. HOW WE USE YOUR PERSONAL INFORMATION

We use the information we collect from users in connection with providing the Services to provide, maintain, analyze, and improve our products and Services, including to:

• Create and administer accounts, facilitate and personalize your use of the Services, and send you communications, notifications, confirmations, updates, product announcements, security alerts, technical notices, and administrative messages. 
• Facilitate use of the Services including to process and execute transactions, to calculate applicable sales tax, to invoice and render appropriate bills.  
• Verify the identity of Representatives or other instructing individuals.
• To the extent permitted under applicable law, to monitor and analyze trends, usage and activities in connection with our products and Services and personalize and improve our products and services.

• Respond to your comments, questions, and requests, and otherwise facilitate or contact you about your use of our Services. 
• Notify you about important changes our Services and applicable terms and policies.
• Collect, display and publish reviews and comments from our users and customers about our products and Services.
• Process and deliver contest entries and rewards and to display relevant advertising.
• Communicate with you about marketing aspects such as products, services, offers, and events offered by VoPay and others, and provide news and information we think will be of interest to you. 
• Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of VoPay and others. 
• Enforce this Policy or our Terms of Service;
• Measure interest and engagement in our Services;
• Share information with third parties as needed to provide the Services;
• Carry out any other purpose for which consent is obtained, or as otherwise permitted or required by law. 

Whatever the purpose may be, we will collect and process your personal information to the extent you have provided us with your consent, or alternatively as reasonably necessary to fulfill our contracts with you, or as may be required by applicable law. We may use your personal information and other information for purposes for which we have obtained your consent, and for such other purposes as may be permitted or required by applicable law.

5. HOW WE SHARE YOUR PERSONAL INFORMATION

Personal information we collected may be shared as follows or as otherwise described in this Privacy Policy:

• With relevant parties in connection with your transaction(s) and use of our Services, including specifically banking and financial institutions, credit card issuers, merchants;
• In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
• With vendors, consultants, and other service providers, including identify-verification service providers, who need access to such information to carry out work on our behalf in connection with our Services.  
• With financial partners and business partners to provide you with the Services you have requested. 
• With our company affiliates for administrative purposes.
• With application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth below in “Contact Us”.

A more detailed list of third-party service providers is outlined below under “Third Party Websites and Services”.

If we provide your information to third party service providers, we take reasonable measures to ensure that this Policy and its principles are complied with and these third parties provide sufficient guarantees to implement appropriate security measures. We also require that they only use your personal information for the limited purposes for which it is provided. When our service providers no longer need your personal information for those limited purposes, we require that they dispose of the personal information. We do not authorize the service providers to disclose your personal information to unauthorized parties or to use your personal information for their direct marketing purposes.   

In some circumstances, we may permit our service providers to retain aggregated or statistical information that does not identify you directly. 

Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: 

(a) under applicable law, including laws outside your country of residence; 

(b) to comply with legal process, including outside of your country of residence; 

(c) to respond to requests from public and government authorities, or to cooperate with law enforcement, including public and government authorities outside your country of residence; 

(d) to enforce the terms of the agreements for our products and services; 

(e) to protect our operations or those of any of our affiliates or subsidiaries; 

(f) to protect our rights, privacy, safety or property, and/or those of our affiliates, you or others; 

(g) to allow us to pursue available remedies or limit the damages that we may sustain; and

(h) in connection with a sale or business transaction, we may transfer, disclose or sell your personal information to a third party to the extent necessary to conclude any reorganization, merger, acquisition, financing due diligence, bankruptcy, receivership, purchase or sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets. 

(i) to assist with an investigation or prosecution of suspected or actual illegal activity.

If we otherwise intend to disclose your personal information to a third party, in a manner not identified in this Policy, we will identify that third party and the purpose for the disclosure, and obtain your consent.

6. RETENTION OF PERSONAL INFORMATION

We will use, disclose or retain your personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by law. These times vary depending on the purpose for which the information was collected and the need for the information.  We will destroy records containing personal information or in some cases, anonymize all personal information in the records, when we no longer need the information for the purpose for which it was collected, or for other business or legal purposes, or its retention is no longer required by law.

7. THIRD PARTY WEBSITES AND SERVICES

This Policy applies only to our products and Services.  It does not extend to any websites, products, social media platforms or services provided by third parties.  

There may be times where a third party may ask to collect your personal information themselves. These third parties can include advertisers and third-party service providers and payment processors. When you provide your personal information to such third parties, they will use your personal information in accordance with their own privacy policies and not this Policy. Therefore, you should read their privacy policies carefully before providing them with your personal information. We are not responsible for the privacy practices of such third parties, and we encourage you to review all third party privacy policies prior to using third party websites or products or services. 

The third-party service providers we use, include but are not limited to, the following:

• Amazon Web Services. We use Amazon web services in multiple capacities for storing, transferring, and securing user data. For more information, please visit https://aws.amazon.com/
• BMO. We use BMO for interac and electronic fund transfer services. For more information please visit https://www.bmo.com/main/about-bmo/privacy-security/our-privacy-code/ .
• Flinks. We use Flinks to connect and use banking data. For more information please visit https://flinks.com/privacy-policy/ 
• Fiserv-Telecheck. We use Fiserv-Telecheck for check processing and risk analytic. For more information please visit https://merchants.fiserv.com/en-us/privacy/ 
• Google Analytics. We use Google Analytics to help us understand how our users interact with certain features on our website. For more information, please visit https://analytics.google.com/analytics/web 
• Global Payments. We use Global Payments for card processing services. For more information please visit https://www.globalpayments.com/en-ca/privacy-statement .
• Hubspot. We use Hubspot for lead and client information for employers. Hubspot is a CRM and marketing system that allows us to track and take action on our relationships with employers. For more information, please visit https://hubspot.com 
• PandaDoc. We use PandaDoc for digital document services. For more information please visit https://www.pandadoc.com/privacy-notice/ .
• Plaid. We use Plaid to integrate and analyze transaction data. For more information please visit https://plaid.com/legal/.

If you would like more information about our service providers, please contact us using the contact information in the “Contact Us” section below.

INTERNATIONAL TRANSFER AND STORAGE

Your personal information may be transferred, processed and stored anywhere in any country where we have facilities or in which we engage third party service providers. As a result, to the extent permitted under applicable law, your personal information may be transferred to countries outside your country of residence, which may have different data protection rules than in your home country.  While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

8. ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

We make reasonable efforts to ensure that your personal information is kept as accurate, complete and up to date as reasonably necessary.  We will not routinely update your personal information, unless such a process is necessary.  We expect you, from time to time, to supply us with updates to your personal information, when required.

In accordance with applicable law, you may have the right to make a written request to delete or review any personal information about you that we have collected, used or disclosed, and we will provide you with any such personal information to the extent required and/or permitted by law. You may also request corrections to your personal information. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required and/or permitted by law. To exercise these rights, please contact us by using the contact information in the “Contact Us” section below. We will process such requests in accordance with applicable laws. Please note that certain regulations and laws may require us to retain certain records for a prescribed period of time after the close of the business relationship. 

We may require that you provide sufficient identification to fulfill your request to access or correct your personal information.  Any such identifying information will be used only for this purpose. 

If you are a Business User’s End User or Client Account User, the Business User is the party responsible for responding to your query; and we recommend reaching out to them for assistance.

9. OPTING OUT OF COMMUNICATIONS

If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us.  You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below. 

We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request.  Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or other matters you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy).

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

You may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

10. CALIFORNIA SHINE THE LIGHT

The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

11. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.

12. CHILDREN’S INFORMATION

Our Services are not intended for children under the age of 16. Children under the age of 16 should not use our website and should not supply us with any personal information. 

If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16 without the consent of their parent or legal guardian, please contact us using the information in the “Contact Us” section below.

13. NEWSLETTERS 

As part of your use of our products or Services, or other interactions with us, we may send you emails to operate or promote our services, or other products and information we believe may be of interest to you. In addition, we may contact you using other personal information that you have provided to us (such as a physical mailing address) or contact information that you have made publicly available (such as through a social networking service).  We provide an opt-out function within all email communications of this nature, or alternatively we will cease to communicate with you for this purpose if you contact us and tell us not to communicate this information to you.

14. PRIVACY POLICY UPDATES

This Policy is current as of the “updated” date which appears at the top of this page.  It may be modified or updated from time to time.  When changes are made to this Policy, they will become immediately effective when published in a revised Policy posted on our website unless otherwise noted.  We may also communicate the changes through our services or by other means.  

By submitting your personal information to us, by accessing or using any of the products or our Services, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Policy, you consent to our collecting, using and disclosing your personal information as set out in the revised Policy.

15. CONTACT US

All comments, questions, concerns or complaints regarding your personal information or our privacy practices should be sent to our Privacy Officer as follows: