Finix Payments Inc. (“Finix”)
September 13, 2018
1. Overview: Finix provides tools and services to platforms to integrate payments flowsfor faster, more secure, reliable, and centralized management of payments infrastructure.
3. Information Collection: This section outlines the specific types of information Finixcollects and stores.We collect information you provide to us when using our Services or applying for a job through our Services, including your name, address, email address, phone number, employment information, professional affiliations, and any other information you choose to provide us.
4. Platforms: To underwrite and provision integrations for platform partners, Finix collects the following information:
1. For the Business:
Other Business Names, i.e., DBA
Tax Identification Number / Employer Identification Number
Business Phone number
Date of Incorporation
Business Support Email address
Third-party data (including Bank Account information)
Max Transaction amount
2. For the Business Principal:
Full First and Last Name
Social Security Number / Individual Taxpayer Identification Number
Date of Birth
User Name and Password
Any additional information you decide to share with us
5. End Users
1. Buyers: to facilitate purchases for buyers, Finix collects
a. First name and last name
b. Phone number
c. Email address
d. Street address
e. Payment Instrument (i.e., credit card / bank account) information
f. Transaction information
2. Merchants: to allow merchants/sub-merchants to sell, Finix collects the same business and business principal information as listed above for Platforms.
6. No information from children Finix Services are not intended for children under theage of 18.
7. Transactions and Service Interactions: To assist in securing, troubleshooting,maintaining, and improving the Services, Finix will also collect:
Logs: including information on your usage of the Services including pages visitedin-app or on the Finix website, average time spent in app, IP address, in-app actions or transactions made, etc.
Device information: information on the device(s) you and your end-users use tointeract with our service. This includes but is not limited to device identifier, application/API version, operating system, browser, language and time settings.
Location information and IP address: We collect location information from yourdevice so that we can help prevent fraud, provide you with more transaction information, and better personalize the Services to you.
Cookies/Tracking: Finix also uses tracking technology including cookies and device identifiers to improve your experience, enhance our security, and track usage across Finix Services. If you choose to reject these technologies some functionality in our Services will not be available.
8. Why Finix collects this information: Finix collects this information to use for the following reasons:
To process your transactions and respond to court orders and legal investigations.
To provide you support, respond to your questions and comments, and offer customer service.
To send you notices and updates.
To prevent fraud, illegal or prohibited activities, and security breaches.
To investigate fraud, security issues, and suspect activities.
To verify your identity and enforce our terms and any other agreements between you and us.
To improve and maintain our Services.
To share new products, offers, promotions, or other information we think you might be interested in.
To personalize the Services.
To monitor and analyze usage and activities in or related to our Services.
To comply with any applicable laws or legal processes.
For any other reason provided to you in connection with our Services.
We do not use automatic decision-making (i.e., making decisions solely by automated means without any human involvement) or profiling (i.e., automated processing of personal information to evaluate certain things about an individual).
If we use this information in a manner different than the purpose for which it was collected, we will provide you with information regarding the purpose for the processing, as well as other relevant information, prior to processing your personal information for the new purpose.
9. Who Finix discloses information to: Finix shares any information we collectabout you with third-parties as follows:
With other users you have specifically referred to us, limited to what you have permitted to share in the course of your referral.
With the financial service providers we and you work with, including the institutions identified in your processing agreements and the third-parties mentioned above.
With non-financial companies that provide tools, support, audits, or otherwise help to enhance or maintain the Finix Service (including but not limited to email companies, fraud prevention companies, credit bureaus, identity services, properly vetted information storage companies, and properly vetted information security companies).
To any other third-party needed to provide our Services (as described in the section below) or at your direction and with your consent particularly if we request such information from you after informing you of who your information would be shared with, how that specific information would be shared, and why we need to share it.
10. Third-Parties: Finix also collects and shares information with some third-parties sothat we can continue to provide and improve our Services. This encompasses all trusted third-parties integral to the operation of the Finix Service and includes:
Analytics Services: We work with third-parties for analytics services. Theseparties use tracking technology (as mentioned above) or system information to collect data about your use of the Services or provide insight to the current state of our systems. This information is used by us and others to maintain and improve our services.
Anonymized/Aggregated Information: Finix shares or exchange anonymized or aggregated information that cannot be used to identify you or your customers without restriction. This includes with third-parties for research, marketing and promotional purposes. These third-parties publicly release the findings of their research or analysis including this information. These third-parties include, but are not limited to: organizations that research consumer spending, organizations that research credit card use.
Financial Service Providers: To process your financial transactions, we will shareinformation with the specified financial service partners.
Other Third-Party Services: When you signup or integrate Finix Services we verify the information we collect from you with identity service providers or other third-party verification services to review your account and tailor your onboarding process. Additional information about third-party services can be found in Finix’s Cookie and Similar Technologies Policy.
11. Law Enforcement Disclosures: Finix also discloses your information to relevantlaw enforcement or third-parties such as auditors or investigators if Finix:
is required by any applicable law (e.g. pursuant to a warrant or court order);
believes it is appropriate to investigate fraud or any other violation of safety or property against us or others; or
needs to investigate any violations of our agreements or policies.
12. International Visitors: This section applies to those that use our Services from the European Economic Area or Switzerland.
Finix processes personal information with your consent (e.g., to provide you with information about our products and services).
On other occasions, Finix may process personal information when it needs to do this to fulfill a contract (for example, to deliver the Services) or where required to do this by law.
If necessary, Finix may also process personal information when it is in Finix’s legitimate interests to do this (e.g., for customer service, support, and maintenance of your account) and when these interests are not overridden by your data protection rights.
Please be aware that the personal information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store personal information in the United States.Where we transfer information from the European Economic Area to a country that doesn't provide an adequate level of protection, we’ll only do so where it’s necessary to perform a contract with you or under appropriate safeguards to protect your information, like standard contractual clauses.
You have a right to the following:
To request access to the personal information we hold about you;
To request that we rectify or erase your personal information;
To request that we restrict or block the processing of your personal information;
Under certain circumstances, to receive personal information about you that we store and transmit to another without hindrance from us, including requesting that we provide your personal information directly to another, i.e., a right to data portability; and
Where we previously obtained your consent, to withdraw consent to processing your personal information.
To exercise these rights, contact Finix’s Data Protection Officer using the “Contact Finix” section below. Please be aware that Finix may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
Additionally, you have the right to lodge a complaint against us. To do so, contact the supervisory authority in your country of residence. For more information about these rights, please review the “General Data Protection (GDPR)” section below.
13. Security: While personal data transferred between you and Finix is encrypted in transit, you are responsible for managing the security of your company’s accesstokens including usernames, passwords, SSH keys, and not distributing, storing, or transmitting sensitive data (e.g. card holder information or PII) outside of Finix’s clearly designated systems.
14. Retention: We will process and store your information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period, or duration of time that storage of this data is required for Finix’s legitimate business interests, regulatory, and/or legal purposes. Under circumstances where data does not have a statutory retention period, such as with marketing data, Finix will store this data for one calendar year. After expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.
15. Assignment: If Finix or any part of Finix is acquired or undergoes a merger,consolidation, liquidation, or other significant change of control or transfer of assets, Finix may transfer, sell, or assign the information Finix collects, stores, or uses under this Policy to third-parties. This transfer would include, without limitation, any information that you provide.
16. Contact Finix: If you have any questions or concerns regarding the privacy and/or processing status of your personal data at Finix, or if you wish to withdraw consent for Finix to process your personal data, please contact us in our role as data controller, at:
Finix Payments, Inc.
480 2nd Street, Suite 202, San Francisco, CA 94107
For visitors from the European Economic Area or Switzerland, contact our Data Protection Officer at firstname.lastname@example.org.
General Data Protection Regulation (GDPR)
You may have heard about some major changes in the European Union’s (EU) data privacy legislation. In the unlikely event that you are unaware of the GDPR, this new set of laws is the most significant change in European data privacy legislation since the 1995 EU Data Protection Directive (European Directive 95/46/EC). The Finix Payments team and Data Protection Officer, worked in conjunction with data privacy experts to help meet Finix’s GDPR compliance obligations ahead of the May 25th, 2018 enforcement date.
The GDPR is European privacy law intended to strengthen and unify data protection for all individuals within the EU. The laws also address the export of personal data outside the EU and the processing of EU data abroad. The GDPR classifies data handlers into two categories, 1) Data Controllers and 2) Data Processors. Finix primarily acts as a “data processor” under the GDPR meaning we typically act on the instructions of a data controller.