X1 Merchant Services is committed to keeping your information private in accordance with applicable laws and regulations, as well as industry recommendations. This policy documents the practices and approach used on systems owned or managed by X1 Merchant Services or it’s subsidiaries, henceforth “X1 Merchant Services”. Applicable regional privacy laws are reviewed and added to this policy.
Generally, “Personal Information” means any information about an identifiable individual and information which can be reasonably used to identify an individual. This Privacy Policy sets out the collection, use, and disclosure of Personal Information through our websites and our various software and related services (the “Software Services“).
Software services are generally used by individual self registered consumers, website visitors who may not be registered on the services, individuals registered on X1 Merchant Services portals by a customers of the software services and integrated partners using X1 Merchant Services software services on their platforms. Individual users regardless of registered status, and method of integration will be referred to as “end user, visitor, and customer” for the purpose of the privacy policy.
This Privacy Policy does not govern third parties or Personal Information that is collected, used, or disclosed by any third parties, including integrated Software Services partners. For more information on the types of Personal Information that may stored on behalf customers, see the section below entitled “Integrated Customer Data”.
X1 Merchant Services is responsible for Personal Information in our control and has designated its VP of IT and Security as accountable for the organization’s compliance with this Privacy Policy. Any questions or complaints about this policy or compliance with this policy, or any requests to review or correct any of your Personal Information collected under this policy, should be directed to X1 Merchant Services as follows: X1 Merchant Services, 8 The Green Suite 15969, Dover, DE 19901, Attention: Information Security or [email protected].
X1 Merchant Services is the sole custodian of the Personal Information, described below, that is collected on the publicly visible portion of www.x1merchantservices.com. Information acquired is limited to only information required to provide services to end users and as needed to support service usage. Information from our end users is collected at the following points on our website:
Signup & Contact Information
X1 Merchant Services requests Personal Information from customers on the service signup form. Customers must provide contact information including: name, phone number and email address, and company name and address, if applicable in order to signup. This Personal Information is used to contact the customer to provide access to the Software Services and to communicate related news and information. We may ask additional information about our customer’s business such as size, revenues and numbers of clients as well as more information about our customers such as their position in the company and the names and contact information of their colleagues. This information is used to help determine the nature and extent of type services that are appropriate.
Cookies
A cookie is a piece of data stored on the website user’s and visitor’s computer tied to information about software service usage. The Website uses “cookies” to collect information and improve our products and services. A cookie is a small data file that is stored on your device. Cookies cannot be used to see any other data on your computer, nor can they determine your email address or identity.
We may use session cookies to non-sensitive session information to improve or validate authentication. We may also use persistent cookies to enable the Software Services to remember certain settings and preferences.
The website may include advertisement partners cookies which may be used to track results of ad campaigns (marketing) and re-marketing our Software Services within other websites the user may visit. These third parties may place cookies on your computer and collect data about your online activities across websites or online services when you are logged into the third-party service, including for targeted advertising. Users can opt out by visiting the advertisement platform’s website.
Geo Location Information
We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
Mobile Device Permissions and Data Collection
We may request access or permission to certain features from your mobile device, including your mobile device’s Bluetooth to connect to card readers and other payment devices, network, internet, optional biometric to allow for fast authentication, location, and optional camera settings for scanning credit cards and barcodes. Additional settings may be required as the application is updated. If you wish to change our access or permissions, you may do so in your device’s settings.
Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.
In addition the application may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
Certain features of the application may require push notifications to be enabled in order to function. Account or critical updates will be enabled by default. Feature notifications, hints, and other push notifications may also be used to inform users. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
Social Network Data
User information from social networking sites, such as google, including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. This information may also include the contact information of anyone you invite to use and/or join the Application.
Log Files and Clear Gifs
Like most websites, our servers use log files to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use.
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of website users. The main difference between the two is that clear gifs are invisible on the page and are much smaller, about the size of the period at the end of this sentence.
These technologies may be used for analyzing trends, administering the website, tracking users’ movements around the website, and gathering demographic information about our user base as a whole. Various browsers may offer their own management tools for removing these types of tracking technologies.
Use of Customer Information
Personal Information collected is used only for configuration and maintenance of Software Services, providing customer support, processing invoice payments, and conveying information about accounts and upcoming features and benefits. X1 Merchant Services will only use personal information for the purpose of account management, as part of the service and to respond to marketing and sales inquiries. Such information is only stored in systems configured for internal X1 Merchant Services use as documented in this policy.
SMS Marketing
We use the information that you consent to share in relation to our SMS marketing service to send you text notifications (for account updates), text marketing offers, and transactional texts, including requests for reviews from us. Opt-in data and consent for text messaging will not be shared with any third parties except for messaging partners, for the purpose of enabling and operating our text messaging program.
Terms & Conditions
By consenting to X1 Merchant Services’s SMS marketing in the checkout and initializing a purchase or subscribing via our subscription tools, you agree to receive recurring text notifications (for your order, including abandoned checkout reminders), text marketing offers, and transactional texts, including requests for reviews from us, even if your mobile number is registered on any state or federal do-not-call list. Message frequency varies. Consent is not a condition of purchase.
If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you within any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests, will not be considered a reasonable means of opting out. We do not charge for the service, but you are responsible for all charges and fees associated with text messaging imposed by your wireless provider. Message and data rates may apply.
For any questions, please text HELP to the number you received the messages from. You can also contact us at [email protected] for more information.
We have the right to modify any telephone number or short code we use to operate the service at any time. You will be notified on such occasions. You agree that any messages you send to a telephone number or short code we have changed, including any STOP or HELP requests, may not be received, and we will not be liable for honoring requests made in such messages.
To the extent permitted by applicable law, you agree that we will not be liable for failed, delayed, or misdirected delivery of any information sent through the service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.
Special Offers and Updates
Customers are sent informational and welcome emails after they sign up for Software Services. These notifications provide information about the the service. End users will also receive emails requesting feedback about the Software Services as well as information on our services, features, promotions and a newsletter. All emails will include an unsubscribe options and requests will be honored in accordance with applicable anti-spam laws, such as Canada’s Anti-Spam Legislation (CASL) and CAN-SPAM.
Service Announcements
On rare occasions it is necessary to send out a strictly service related announcement. For instance, if any of our Software Services are temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.
Customer Service
We communicate with users on a regular basis to provide requested Software Services and in regards to issues relating to their account we reply via email or through the software portal.
Integrated Customer Data
Integrated Customers use X1 Merchant Services systems and applications to deliver Software Services to their users as X1 Merchant Services labeled or white labeled service. Customer Information, Information about our Customer’s Contacts and Archival Information (each defined below) are governed by this Privacy Policy, the Terms of Service and any other services agreements between X1 Merchant Services and the applicable Integrated Customers. This Personal Information is used to administer the Software Services and billing associated with payment for the Software Services.
We will retain Integrated Customer Information processed on behalf of Integrated partners for as long as needed to provide services to our partners, or for the period of time requested by a particular partner. Integrated partners are responsible for obtaining consent and maintaining any Personal Information collected with their forms. Individual users own all of their client data, which may include Personal Information. Our partners use the Software Service to manage their clients. X1 Merchant Services will only process Personal Information belonging to customers in the course of providing its services. This may include, for example, client names, contact information, billing information for use by the partner in the course of using our Software Services. While the application only collects the Personal Data necessary to provide Services, integrated partners may collect a wide variety of information from your customers using the forms within their applications.
We will not send promotional materials to or communicate directly with our customer’s clients other than on our customer’s behalf, and per their instruction. We will not share any customer information other than as required by law, or with express written permission of the appropriate person. It is the responsibility of our partners to ensure they have the appropriate consents in place for the collection and management of their data and Personal Information of third parties, such as their clients, and that all data is collected in a fair and lawful manner. Furthermore, it is our partner’s responsibility to update their clients’ Personal Information and to provide appropriate access to, and information about, the existence, use and disclosure of their information. Please contact any third-party organization directly for any inquiries about Personal Information collected by the organization.
Legal Disclaimer
While we make every effort to preserve user privacy, we may need to disclose Personal Information when required or permitted by law. In particular, we may disclose Personal Information to satisfy any applicable law, regulation, legal process or governmental request; enforce our contracts or user agreement, including investigation of potential violations hereof; and/or detect, prevent, or otherwise address fraud, security or technical issues.
Where reasonable, we will expeditiously provide customers with notice of any potential disclosure so that they can take appropriate protective measures.
Service Providers and Business Partners
X1 Merchant Services employs third parties to perform tasks on our behalf and we may need to share Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. The third parties we currently engage includes third party companies and individuals employed by us to facilitate our services, including the provision of database management, payment processing and customer relationship management tools.
Links
This website contains links to other sites. Please be aware that X1 Merchant Services is not responsible for the privacy practices of such other sites. We encourage our visitors to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.
Security
X1 Merchant Services takes every reasonable precaution to protect our visitors’ and our customers’ information. When sensitive information is submitted via the website, the information is protected both online and off-line. When our Software Services ask users to enter sensitive information, that information is encrypted and it is protected in alignment with recommendations from industry groups such as the Payment Card Industry Data Security Standard (PCI DSS). Along with encrypting the information while it is transmitted “in transit”, our systems are configured to protect the information through additional encryption after it is stored “at rest”. Servers that store personally identifiable information are in a secure environment. X1 Merchant Services protects credit card information according to Payment Card Industry Data Security Standards (PCI-DSS). As part of the our PCI program, the software services are reviewed by an external PCI Qualified Security Assesor to verify the security of the application in accordance with PCI-DSS requirements. In the event that X1 Merchant Services becomes aware of a security breach, as required by applicable law or our customer agreements, we will notify customers whose data is affected and describe the measures being taken to contain the breach.
Supplementation of Information
In order to properly fulfill its obligation to our customers it is necessary for us to supplement the information we receive with information from third-party sources. For example, we validate the addresses provided. Credit checks may be performed on corporate customers by our payment processor in accordance with its own privacy policy and terms.
Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Retention
We use and retain your Personal Information for as long as necessary to fulfill the purpose for which it is being processed, to carry out legitimate business interests, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
Notification of Changes
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Children
The Site is not intended for use by children. We do not intentionally gather Personal Information about visitors who are under the age of 16 (or a minor in the jurisdiction in which you are accessing our Sites or Services). If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 16 in the applicable jurisdiction, please contact us at [email protected]. If we learn that we have inadvertently collected the personal information of a child under 16, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Our Legal Basis for Collecting Personal Information
Whenever we collect Personal Information from you, we may do so on the following legal bases:
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
International Transfer
We have centralized some of our data processing activities in accordance with applicable laws, and as a result, we may, directly or indirectly through our organization and affiliates, and through third-party entities around the world, process, store, and transfer the information you provide, including your Personal Information, as described in this Privacy Policy. Specifically, the information and Personal Information that we collect may be transferred to, and stored at, a location outside of your jurisdiction. The jurisdiction where your Personal Information will be processed may or may not have laws that seek to preserve the privacy of Personal Information. Your Personal Information may also be processed by staff operating outside of your jurisdiction who work for us or for one of the organizations outlined in this Privacy Policy in connection with the activities outlined in this Privacy Policy. By submitting your Personal Information using the Sites, you agree to this transfer, storing or processing. We will take all steps necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Information we collect on the Sites.
Your Choices and Accessing, Updating or Deleting Your Personal Information
You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you choose to visit our Site and use our Services, we aim to provide you with choices about how we use your Personal Information. If we have collected your Personal Information because you visited our website or contacted us, then we will facilitate your rights directly because we are the controller of your Personal Information. If we have collected your Personal Information on behalf of a customer or partner, your rights are facilitated by the customer or partner as they would as the controller of your Personal Information in such scenario.
Subject to applicable law, you may obtain a copy of Personal Information we maintain about you. In addition, if you believe that Personal Information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “Contact Information” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
California Residents
This section provides additional details about the Personal Information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (the “CCPA”). X1 Merchant Services does not sell (as that term is defined in the CCPA) the Personal Information we collect.
During the last twelve (12) months, we have collected the following categories of personal information from consumers.
A. Identifiers
First and last name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address.
Collected: YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, physical characteristics or description, address, telephone number, education, employment, employment history and disciplinary action, professional memberships, employee reference checks, trade union membership, bank account number, credit card number, debit card number, or any other financial information, medical information.
Collected: YES
C. Commercial information
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Collected: YES
D. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application logs, device data and registration, social media account information or advertisement.
Collected: YES
E. Geolocation Data
Physical location or movements.
Collected: YES
F. Sensory Data
Audio, electronic, visual, thermal, olfactory, or similar information.
Collected: YES
G. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, behavior, and attitudes.
Collected: YES
We obtain the categories of Personal Information listed above from the following categories of sources:
We disclose your Personal Information for a business purpose to the following categories of third parties:
Subject to certain limitations, the CCPA provides California consumers with certain rights. This section describes Californians’ rights and explains how California consumers can exercise those rights.
Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.
If you are a California resident who chooses to exercise your rights, you can:
You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.
We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.
For any questions or suggestions regarding our privacy policy or requests to alter or remove any information please contact us at: