Privacy Policy

TRUSTe

Effective: February 18, 2022

Update Information

The following updates were made in this version:

  • Limited the scope to USP Worldwide, Inc. and subsidiaries (USP Payments, Inc. has a separate policy)
  • Included separate International Transfers of Personal Data section, removing references to reliance on Privacy Shield
  • Included references to data collected from employees and candidates
  • Expanded and clarified sections regarding personal data collection, use, protection and retention
  • Removed links to third party analytics provider optouts because they were outdated and not comprehensive
  • Added definitions of data protection and technical terminology (e.g., “cookies”, “log files”)
  • Reduced the Email and SMS Text Communications section to remove duplication with notices provided when users sign up for that service
  • Updated DPO information
  • Added information about Colorado and Virginia data subject request rights

Introduction

USP Worldwide, Inc. (“USP”, “we”, “us”, or “our”) provides electronic payments, bill presentment and payment services for individuals, companies, and organizations around the world.  USP takes the privacy of your Personal Data seriously and is committed to protecting your privacy.  This Privacy Policy applies to USP Worldwide, Inc., its affiliates and subsidiaries, but does not apply to USP Payments, Inc.  USP Payments, Inc.’s privacy policy may be accessed here.

This Privacy Policy explains what Personal Data USP collects about you, the circumstances under which we may collect your Personal Data, how we will use and secure your Personal Data, and to whom we may disclose your Personal Data.  It also describes the choices and applicable rights you may have with regard to your Personal Data in our possession or control.

We may amend this Privacy Policy at any time.  Any amendments to the Privacy Policy will become effective when posted to this site as indicated by the “Effective Date.”  Your use of USP website(s) or our products and services following any amendment to the Privacy Policy will be deemed to be your acceptance of it. If we make any material changes we will notify you by email (sent to the e-mail address specified in your My Account) or, at our option, by means of a notice on this Site prior to the change becoming effective.

This Privacy Policy does not apply to websites owned and operated by third parties, even where hyperlinks to those websites may be provided by USP.  We have no access to or control over those third party websites.  When visiting those websites, you should review and become familiar with the privacy policies which apply to those third party sites and how those sites address the handling of your Personal Data.

Definitions

Understanding data privacy and your rights with regard to your Personal Data is important to USP.  The following definitions will apply to the capitalized terms used throughout this Privacy Policy. 

“Applicable Law” means the laws, regulations, or industry standards of a country or region which govern USP’s processing of your Personal Data.  For example, if you are a resident of a member state within the European Union the primary law which will apply to USP’s processing of your Personal Data will be the General Data Protection Regulation (the “GDPR”).

“Personal Data” means any information which identifies you or is capable of being used to identify you.  As used in this Privacy Policy it shall be synonymous with, and inclusive of, the terms Personal Information, Protected Health Information (“PHI”), or Non-Public Personal Information as those terms are defined by Applicable Law.  All general references to Personal Data in this Policy shall be inclusive of Special Categories of Personal Data or Sensitive Personal Data.  Examples of Personal Data include, but are not limited to, your name, address, email address, Social Security or similar government ID number, internet protocol (“IP”) address, and financial account numbers.

“Special Categories of Personal Data” or “Sensitive Personal Data” means Personal Data which reveal your rUSPal or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, caste or tribal affiliation, genetic data, biometric data uniquely identifying a natural person, data concerning health or a natural person’s sex life or sexual orientation, or data concerning the commission or alleged commission of any offense and any related court proceedings or criminal convictions.

“Data Controller” or “Business” means the natural person or legal entity who determines, either individually or jointly with others, the purpose and means of processing for Personal Data.  For example, USP will generally be a Data Controller or Business with regard to the Personal Data of its employees and the Personal Data it collects through its company website(s), but generally not with regard to the majority of its products or services where it plays the role of a Data Processor or Service Provider to companies you may do business with.

“Data Processor” or “Service Provider” means the natural person or legal entity which processes Personal Data on behalf of a Data Controller or Business.

“Data Protection Authorities” means the relevant governmental authority with jurisdiction over our processing of your Personal Data.

What Personal Data USP Collects

The types of Personal Data we collect, use and store depends on the nature of your relationship with USP.  The Personal Data that USP may collect about you, includes, but is not limited to:

  • Your name, mailing address(es), email address(es), and phone number(s);
  • Your credit card, debit card, or bank account number(s), expiration date(s), and cardholder or account holder name(s);
  • Your Social Security Number (SSN), government ID number, passport number, and/or employer identification number (EIN);
  • Other unique identifiers such as your user name(s), account number(s), or password(s);
  • Technical data such as geolocation data, IP addresses, and mobile device IDs;
  • Employment-related information such as resumés, employment history, education information, references and background checks.

How USP Collects Personal Data

Personal Data may be collected by USP directly from you based on your interactions with us, through third parties acting on our behalf, or from our customers with whom you have a direct relationship.  For example:

  • Directly from you when you access, visit, or interact with USP’s website(s);
  • From our customers with whom you do business to complete your financial transactions, such as the financial institution with whom you bank or the merchants with whom you shop;
  • From third parties with whom we partner or contract to provide our products and services directly to you or to our customers;
  • Directly from you when you seek employment with us or about you from individuals seeking employment with us (such as employment history, personal and professional references, and emergency contact information).

When we collect your Personal Data, it is collected for specific, explicit, and legitimate purposes and will be processed only to fulfill those purposes.  USP only collects that Personal Data which is adequate, relevant, and limited to what is necessary for us to fulfill those purposes.  If USP intends to use your Personal Data for any new purposes not previously identified to you and which are incompatible with the original purposes, you will be notified of those new purposes before that intended use and, where applicable, provided the means by which you may restrict our use of your Personal Data for those new purposes.

In instances where we collect Personal Data directly from you, you are not required to provide your Personal Data to us.  However, if you do not permit the collection of your Personal Data in those circumstances, we may be unable to provide our products or services to you, consider you for employment, or ensure the proper functioning of our website(s), products, or services.

How USP Uses Your Personal Data

We will use your Personal Data in accordance with the terms of this Privacy Policy as well as any applicable Privacy Notice(s) you may receive in connection with your employment with USP or the specific products or services we provide directly to you or which our customers provide to you.  We will use your Personal Data for the following purposes:

  • To provide our products and services to you or to our customers with whom you do business;
  • To complete financial transactions requested by you or conducted on your behalf;
  • To protect against and prevent fraud;
  • To detect and prevent money-laundering, cooperate with criminal investigations, and respond to court orders;
  • To enforce our rights and initiate or defend legal actions involving USP;
  • To market our products and services or those of our partners to you;
  • To provide customer service to you, personalize our website(s) for you, and otherwise communicate with you;
  • To conduct our everyday business operations, including to develop, maintain, improve, test, evaluate, and update our products and services;
  • To fulfill our contractual obligations to you and to our customers;
  • To comply with all legal requirements applicable to USP. 

We do not sell or rent your Personal Data or provide lists of our customers to third parties for their direct marketing purposes

How USP Protects Your Personal Data

The security of your Personal Data is important to USP.  When USP processes your Personal Data, we engage technical and organizational security measures using commercially reasonable industry practices as outlined by Applicable Law, including current industry standards such as those published by the Payment Card Industry Security Standard Council (PCI), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST). 

The technical and organizational measures USP implements to protect your Personal Data, include, but are not limited to: (i) appropriately encrypting your Personal Data in transit and in storage; (ii) limiting access to your Personal Data to only those employees with a legitimate need for access to perform their job functions or provide our products and services; (iii) protecting systems and databases through the use of appropriate access controls, firewalls, and anti-intrusion measures; and (iv) securing USP premises and offices through the use of on-site security personnel, closed-circuit security cameras, and access controlled entryways.  In addition to internal technical and organization security measures such as these, USP undergoes regular external audits of its security measures by independent auditors.  USP regularly monitors, reviews, and updates its technical and organizational security measures to ensure that its measures are kept current with and appropriately address emerging threats and vulnerabilities.

In the event that your Personal Data is accessed by an unauthorized individual and a misuse of that Personal Data would be likely to result in a risk to your rights and freedoms or in a risk of unauthorized use, we will notify you as required by Applicable Law unless a law enforcement agency believes that such notification may interfere with any applicable criminal investigation. 

How Long USP Retains Your Personal Data

USP will retain your Personal Data only as long as it is necessary to provide our products and services to you or our customers, to fulfill the specific lawful purposes we collected it for, to resolve disputes or defend or commence legal actions, to administer and comply with our contractual obligations, and to comply with Applicable Law. 

When your Personal Data no longer needs to be retained, and depending on the exact circumstances involved, we will: (i) delete it from our systems in a safe and secure manner; (ii) return it to our customer or the third party from whom we collected it; and/or (iii) de-personalize it so it may no longer be used to identify you (commonly referred to as “Anonymization”).

Third Parties to whom USP will Disclose Your Personal Data

USP must disclose Personal Data in order to conduct its everyday business operations and to provide its products and services to you and its customers across the globe.  Where it is necessary for USP to disclose your Personal Data to an authorized third party, we will disclose only the minimum amount of Personal Data necessary to complete the purposes for the disclosure.  The third parties to whom USP discloses your Personal Data are or will be subject to contractual obligations to appropriately protect and secure it, maintain its confidentiality, abide by USP’s instructions for its processing, use it only to fulfill the purpose for its disclosure, and comply with Applicable Law. 

We may disclose your Personal Data to our business partners, service providers, suppliers, business consultants, legal advisors, accountants, and other authorized third parties who provide services to USP or who perform marketing or other functions on our behalf. 

In the course of its business operations, it is possible that USP may be involved in, or be the subject of, various business transactions, including a merger, acquisition, reorganization, or sale of business units or assets.  Such transactions may involve the Personal Data collected by USP and that Personal Data may be disclosed to the other parties involved in those transactions.  To the extent that such transactions involve the Personal Data collected by USP, this Privacy Policy will continue to apply to your Personal Data unless amended by USP or by the other parties involved in the transaction as may be applicable.

There may be circumstances where USP is required by Applicable Law to disclose Personal Data to a variety of law enforcement or government agencies.  These circumstances may include situations where we suspect fraudulent or criminal activities, are required to cooperate with legal investigations, or must comply with court orders or other legal proceedings.  In such circumstances, USP will take commercially reasonable steps to disclose only the Personal Data that is required to fully comply with Applicable Law.  Where applicable and appropriate, USP may also take necessary legal steps to prevent the disclosure of Personal Data in such circumstances, such as seeking protective orders or requesting to quash or limit legal subpoenas.

Children’s Personal Data

USP recognizes the importance of children’s safety and privacy on the Internet. USP’s website(s), products and services are not directed at children.  We do not intentionally collect Personal Data from children under the age of 13, nor do we offer content targeted to children under 13.

Online and Mobile Privacy

Our Use of Cookies

“Cookies” are small packs of data which are placed in your internet browser and used by website operators such as USP to provide such functionalities as tracking your visits and activity and storing your online log-on information and preferences.  USP uses cookies and similar online tracking technologies for numerous purposes, including:

  • Storing your Preferences and Settings.  Settings that enable our website to operate correctly or that maintain your preferences over time may be stored on your device.  For example, we save preferences, such as language, browser and multimedia player settings, so those do not have to be reset each time you return to the site. If you opt out of interest-based advertising, we store your opt-out preference in a cookie on your device.
  • Sign-in and Authentication.  When you sign into a website using your personal USP account, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device.  This cookie allows you to move from page to page within the site without having to sign in again on each page.  You can also save your sign-in information so you do not have to sign in each time you return to the site.
  • Security.  We use cookies to detect fraud and abuse of our websites and services.
  • Social Media.  Some of our websites include code snippets provided by social media companies that can sense if you are already logged into a given social media account so you can easily share USP content with other social media users via that account.  These code snippets read cookies set previously by social media company web content while you are logged in and browsing such content on those social media sites.
  • Interest-Based Advertising.  USP uses cookies to collect data about your online activity and identify your interests so that USP and our advertising partners can provide advertising that is most relevant to you.  You can set your preferences for these types of cookies via the “Cookie Settings” link on our homepage.  You may also opt-out from receiving internet-based advertising from participating members of the following advertising associations:
  • Analytics.  To provide our products, and improve your user experience on our website, we use cookies and other identifiers to gather usage and performance data.  For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our products.  This includes cookies from USP as well as from third party analytics providers.
  • Performance.  We use cookies for load balancing to ensure that USP websites remain functioning properly.

Most web browsers automatically accept cookies but provide controls that allow you to block or delete them.  In most web browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies.  Instructions for blocking or deleting cookies in your web browser are generally made available in its privacy or help documentation.

Certain features of USP products and services depend on cookies.  If you choose to disable cookie functionality, you may not be able to sign in or use those features and preferences that are dependent on cookies may be lost.  If you choose to delete the cookies stored in your web browser, settings and preferences controlled by them, including advertising preferences, will be deleted and may need to be recreated.  You may set your preferences and opt-out of cookies used by USP as described in the “How to Exercise Your Personal Data Rights and Preferences” section of this Privacy Policy.   

Our Use of Log Files

“Log files” are automatically produced files that contain a detailed record of events occurring from within selected software or operating systems.  We may automatically gather, or engage a third party to gather, certain information about our website’s traffic and store it in log files.  For this purpose, we use Internet Protocol (IP) addresses to analyze trends, execute the web sites, track our users’ activities, and gather broad demographic information for aggregate use. We may combine this automatically collected log information with other information we collect about you. We do this to improve the products and services we offer to you and to improve our marketing, analytics, and website functionality.

Our Use of Local Storage

“Local storage” is the capability for the storage and retrieval of data in hyper-text markup language (HTML) pages natively integrated into your web browser.  Like cookies, USP uses local storage (such as HTML5) to store content and preference information.  Third parties who we partner with to provide certain features on our websites or to display advertising based upon your web browsing activity may also use HTML5 to collect and store such information.  Various browsers may offer their own management tools for removing or disabling HTML5.

Our Use of Social Media Features and Widgets

Our web sites may include social media features and widgets, such as the Facebook Like and Share buttons. These features may also have interactive mini-programs and may collect Personal Data, such as your IP address, as well as the webpage(s) you visit on our sites.  In addition, these features may set a cookie to enable themselves to function properly.  These features are either hosted by a third party or hosted directly on our web sites. Your interactions with these features are controlled by the Privacy Statement of the company providing them.

Our Use of Email and SMS Text Communications

Depending on the nature of our relationship with you or the product or service we provide to you, USP may communicate with you through email or SMS text messaging.  You may exercise your rights to withdraw your consent (“opt-out”) from receiving these types of communications under Applicable Law as described in the “How to Exercise Your Personal Data Rights and Preferences” section of this Privacy Policy. 

International Transfers of Personal Data

USP’s corporate headquarters is located in the United States but we have offices and data centers around the world, including in the United Kingdom, Ireland, and the United States.  As a result, the Personal Data USP collects about you may be transferred across international borders, including outside of the country in which you reside.

Where Personal Data is transferred by USP across international borders, that Personal Data will be transferred in accordance with Applicable Law, including, but not limited to, through the use of one or more of the following lawful mechanisms where required:

  • Adequacy determinations issued by relevant Data Protection Authorities or adequacy mechanisms approved by them;
  • Explicit consent from you;
  • Model Contractual Clauses (also referred to as Standard Contractual Clauses) issued and approved by relevant Data Protection Authorities; or
  • Other lawful grounds set forth in Applicable Law, such as: (i) to complete a contract to which you are a party or which is concluded in your interests; (ii) to protect your vital interests where you are physically or legally incapable of providing your consent; or (iii) to establish or exercise USP’s defense to applicable legal claims.

USP, and its subsidiary USP Payments (collectively “USP”), complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, United Kingdom, and/ or Switzerland to the United States.  USP has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of such frameworks. USP is committed to subjecting all Personal Data received from European Union member countries, the United Kingdom, and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit at https://www.privacyshield.gov/list.

USP is responsible for the processing of Personal Data it receives under the Privacy Shield Frameworks and subsequently transfers to a third party acting as an agent on USP’s behalf. USP complies with the Privacy Shield Principles for all onward transfers of Personal Data from the European Union, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, USP is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

On July 16, 2020, the European Union Court of Justice issued a decision invalidating the EU-U.S. Privacy Shield as an adequacy mechanism for international transfers of Personal Data from the European Union to the United States.  Similarly, on September 8, 2020, the Swiss Federal Data Protection and Information Commissioner issued its decision invalidating the Swiss-US Privacy Shield.   Notwithstanding these decisions, USP will continue to comply with the requirements of the Privacy Shield Frameworks as administered by the U.S. Department of Commerce, but perform any applicable international transfers from the European Union and Switzerland to the United States pursuant to other lawful mechanisms under Applicable Law, such as the use of Model Contractual Clauses.  Where applicable, you may obtain a copy of the Model Contractual Clauses USP relies on for the transfer of your Personal Data from the European Union, United Kingdom, and Switzerland to non-adequate countries by contacting us as described in the “How to Contact Us” section below.

In addition to its participation in the Privacy Shield Frameworks and use of Model Contractual Clauses, USP performs Data Transfer Impact Analyses on its transfers of Personal Data across international borders as required by Applicable Law.  These analyses help USP to ensure that appropriate technical, organizational, contractual, and supplementary measures are implemented to ensure the Personal Data rights granted to you under Applicable Law are protected in the country to which your Personal Data may be transferred.

Your Data Privacy Rights

USP recognizes and respects your Personal Data rights.  The following rights may apply to you, depending on your location.  USP will respond to any data subject request in accordance with local legal obligations.

  • Confirmation and Access.  You may have the right to request that we confirm whether we have collected Personal Data about you and, if we have, to request access to that Personal Data.
  • Correction.  You may have the right to request that we correct and update your Personal Data or otherwise permit you to provide supplementary information to complete your Personal Data where applicable.
  • Deletion.  You may have the right to request that we delete the Personal Data we have collected about you, subject to exceptions under Applicable Law.
  • Restriction of Processing.  You may have the right to restrict our processing of your Personal Data as provided by Applicable Law.  For example, you may restrict further processing of your Personal Data when: (i) you contest the accuracy of your Personal Data; (ii) we no longer need your Personal Data to accomplish the lawful purposes for its processing, but you require it to establish, exercise, or defend a legal claim; (iii) you have objected to our processing of your Personal Data until verification of our legitimate grounds for that processing which override your objection.  If we subsequently reinstate our processing where a restriction has been granted, we will inform you of that fact as required by Applicable Law.
  • Objection.  You may have the right to object at any time to USP’s processing of your Personal Data based on our legitimate interests or any processing we may conduct in the public interest or in the exercise of official authority granted to us.  You may also object to (or “opt-out” from) our processing of your Personal Data for our direct marketing purposes, including profiling related to such direct marketing.  If USP’s basis for processing your Personal Data is based on your consent, you may withdraw your consent at any time.
  • Data Portability.  You may have the right to receive a copy of the Personal Data you have provided to USP in a structured, commonly used and machine-readable format capable of being transmitted by USP to another Data Controller where feasible and where it is processed by USP through automated means and is: (i) based on your consent or explicit consent; or (ii) necessary for the performance of a contract with you or steps taken as requested by you prior to our entering into a contract with you.
  • Automated Decision-Making or Profiling.  You may have the right not to be subject to a decision based solely on USP’s automated processing, including profiling, which produces a legal effect or similarly significantly affects you, unless that automated processing: (i) is necessary for entering into, or our performance of, a contract with you; (ii) is authorized by Applicable Law; or (iii) is conducted with your explicit consent.
  • To Lodge a Complaint with a Supervisory Authority.  You may have the right to submit a complaint under Applicable Law regarding USP’s processing of your Personal Data to a supervisory authority in your country of residence or the country where our processing giving rise to your complaint took place. 

To exercise your Personal Data rights, please refer to the “How to Exercise Your Data Privacy Rights and Preferences” section of this Privacy Policy.

To submit a complaint or grievance, including where to obtain contact information for the respective supervisory authorities, please refer to the “How to File a Complaint or Grievance” section of this Privacy Policy.

How to Exercise Your Personal Data Rights and Preferences

You may exercise your Personal Data rights and preferences outlined above by contacting us through one of the following applicable methods:

  • You may submit your request to us online by submitting this request form.
  • You may contact the USP Privacy Office by email at [email protected].   When contacting us via email, do not include sensitive Personal Data such as your Social Security Number, Date of Birth, or financial account numbers.
  • You may write to us at: Data Protection Officer, USP Worldwide, Inc., 2811 Ponce de Leon Blvd, Suite 1300, Coral Gables, FL 33134
  • You may opt-out from receiving SMS text messages from USP by replying to the text sent with the message OPT-OUT.  We will confirm your opt-out with a confirmation text message reply.
  • You may opt-out from receiving commercial marketing emails from USP by responding to the unsubscribe link contained in the email itself or by unsubscribing here.
  • You may set your online privacy preferences and opt-out of cookies used by USP by following the “Cookies Settings” link on the USP homepage.
  • When you submit a request to us to exercise your Personal Data rights, we will attempt to verify your identity.  If we are unable to verify your identity using the Personal Data included in your request as well as any Personal Data we may already have under our control, we may reach out to you for further confirmation.  Any additional Personal Data you may supply to us to verify your identify will only be used to fulfill your request.  If we are unable to verify your identity, we may be unable to fulfill your request.

There is no fee for exercising your Personal Data rights and we will not discriminate against you or take adverse action against you for doing so.  However, we may impose a fee or deny your request if we conclude, in our sole discretion, that your requests are manifestly unfounded, repetitive, or excessive in nature.  In those circumstances, any fee that may be imposed will be imposed only as permitted under Applicable Law.

We will respond to your requests within the time frames required under Applicable law.  If we are unable to honor your request, or we require additional time to respond, we will notify you of the reasons for our denial or our delay.

There may be circumstances where USP is acting in the capUSPty of a Data Processor on behalf of a Data Controller with whom you have a direct relationship, such as your financial institution.  In these circumstances, if you submit your request direct to us we may refer you to the Data Controller with whom you have the relationship to pursue your Personal Data rights.

Additional Region-Specific Information

Applicable Law in the following states, territories, and countries requires that additional information concerning our processing of your Personal Data be provided to you.

United States

California Residents

In accordance with California law, USP will not share Personal Data we collect about you with companies outside of USP except as required or permitted by law. For example, we may share your Personal Data to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.

The California Consumer Privacy Act (Cal. Civ. Code §1798.100 et. seq.)
Pursuant to the California Consumer Privacy Act (the “CCPA”), you have (i) the right to know what Personal Data a Business has collected, disclosed, or sold about you; (ii) the right to have any Personal Data a Business collected from you deleted; and (iii) the right to request that a Business not sell your Personal Data.

USP operates as both a Service Provider to others as well as a Business on its own behalf as those terms are defined by Cal. Civ. Code §1798.140(c).

In the prior 12 months, USP collected the following categories of Personal Data about California residents as a “Business”:

Identifiers — such as your name, mailing address, email address, Internet Protocol address, Social Security number, or other similar identifiers.
Personal Data — categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – such as your name, Social Security number, mailing address, telephone number, bank account number, credit card number, or debit card number.
Commercial information — such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity — such as browsing history, search history, and information on consumer interaction with our websites.
Geolocation data — such as physical location or movements.

You have the right to request that we disclose to you:

i. The categories of Personal Data we have collected about you as a Business;
ii. The categories of sources from which we have collected your Personal Data as a Business;
iii. The business or commercial purpose for our collection of your Personal Data as a Business;
iv. The categories of third parties with whom we share your Personal Data as a Business;
v. The specific pieces of Personal Data we have collected about you as a Business;
vi. If we have sold your Personal Data or disclosed it for a business purpose:
          a. The categories of Personal Data that we sold about you along with the categories of third parties to whom it was sold;
          b. The categories of Personal Data that we disclosed about you for our business purposes.

You may request access to your Personal Data twice in any 12-month time-period, measured from the date your first request is received by us. If you submit a request to access your Personal Data more than twice in any 12-month time-period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.

You may also ask us to delete any Personal Data that we have collected from you. If you request that your Personal Data be deleted, we will delete all Personal Data we have collected from you and, as applicable, instruct our Service Providers to do the same unless we are legally permitted or required to retain it. You may request that we delete the Personal Data we have collected from you at any time.

You may exercise your rights by submitting a request through the mechanisms set forth in the “How to Exercise Your Personal Data Rights” section of this Privacy Policy. You may also designate an authorized agent to exercise these rights on your behalf by providing them with your written permission to do so and registering them with the California Secretary of State.

Colorado Residents

Colorado law requires us to respond to a data subject request within 45 days of receipt (or 90 days if reasonably necessary). If USP refuses to take action on a data subject request, we will provide our reasons and instructions for how to appeal the decision. Within 45 days of receipt of an appeal (or 105 days if reasonably necessary), USP will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, USP will also inform you of your ability to contact Colorado’s Attorney General to submit any concerns about the result of your appeal.

Nevada Residents

Nevada law requires us to disclose that you may elect to be placed on our internal do-not-call list by calling us at 1-800-487-4567 or by submitting this request form. For further information, contact the Nevada Attorney General’s office at 555 E. Washington Ave., Suite 3900, Las Vegas, NV 89101; by phone at 702-486-3132; or by email at [email protected].
 
                USP does not sell the Personal Data of Nevada residents.  Nevada law gives Nevada residents the right to request that their Personal Data not be sold at any time, regardless of our current business practice. If you are a Nevada resident and wish to exercise this right, please submit your request through the mechanisms set forth in the “How to Exercise Your Personal Data Rights and Preferences” section of this Privacy Policy.

Texas Residents

If you have a complaint, first contact USP at 1-800-487-4567 or submit this request form.  If you still have an unresolved complaint, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); http://www.dob.texas.gov/

Vermont Residents

In accordance with Vermont law, we will not share information we collect about you with companies outside of USP except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.

Virginia Residents

If USP refuses to take action on a data subject request, in accordance with Virginia law you may appeal USP’s refusal within a reasonable period of time. Within 60 days of receipt of an appeal, USP will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, USP will also provide you with information about how to contact Virginia’s Attorney General to submit a complaint.

European Union

Our Lawful Basis for Processing Personal Data:

Article 13 of the GDPR requires that we inform you of the purposes for our processing your Personal Data and the corresponding lawful basis for that processing:

Business Purpose(s)Lawful Basis (and accompanying GDPR Article)
— To provide our products and services.
— To complete financial transactions requested by you or conducted on your behalf.
— To fulfill our contractual obligations to you and to our customers.
Contractual Obligation (Article 6(1)(b)) – Our processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
— To market our products and services or those of our partners.
— To conduct our everyday business operations, including to develop, maintain, improve, test, evaluate, and update our products and services.
— To enforce our rights and initiate or defend legal actions involving USP.
Legitimate Interest (Article 6(1)(f)) – Our processing is for the purposes of our legitimate interests, except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of personal data.
— To provide customer service to you, personalize our website(s) for you, and otherwise communicate with you.Consent (Article 6(1)(a)) – you have given consent to the processing of your personal data for one or more specific purposes.
— To comply with all legal requirements applicable to USP.
— To detect and prevent money-laundering, cooperate with criminal investigations, and respond to court orders.
Legal Obligation (Article 6(1)(c)) – Our processing is necessary for compliance with a legal obligation to which we are subject.

Our Use of Automated Decision-Making                

Some of our customers (with whom you may have a direct relationship) may elect to utilize automated decision-making functionality as part of USP’s fraud prevention service.  (This could protect you, for instance, if a card transaction is initiated in a country in which you do not reside.)  Automated decision-making processes utilize Personal Data only where it is required in connection with a contract to which you or USP are a party or as required or permitted by Applicable Law.  You may contact our customer with whom you have a direct relationship (such as the merchants you shop with or your financial institution) for more information on the automated decision-making process.  You may also contact our Data Protection Officer for more information on USP’s automated decision-making processes as provided in the “How to Contact Us” Section of this Privacy Policy.

How to File a Complaint or Grievance

For residents of the various member states of the European Union, Data Protection Authority Contact information for filing a complaint or grievance can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you have an unresolved concern regarding USP’s processing of your Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

How to Contact Us

USP has appointed a Chief Privacy Officer/ Data Protection Officer who oversees USP’s compliance with Applicable Law.  If you have any questions or comments related to this Privacy Policy or USP’s processing of your Personal Data, please contact USP at the following address or email:

Mohammed Mortajine
Chief Privacy Officer / Data Protection Officer
USP Worldwide, Inc.
2811 Ponce de Leon Blvd
Suite 1300
Coral Gables, FL 33134
Email: [email protected]

Let’s Talk Payments

Our payment experts are ready to help you tackle your payment challenges. Set some time to speak today!

Contact Us

STAY INFORMED

© 2022 USP Worldwide. All rights reserved.