Verifone, Inc. and its operating groups, parent(s), subsidiaries, and affiliates (collectively, “Verifone”, “we”, “us”, “our”), are committed to protecting the privacy and security of your personal information or data.
This Privacy Policy (“Policy”) applies to personal information we collect and process. It describes the type of personal information we collect or receive, how we use, share, and protect personal information, how we use cookies and similar technologies, and your rights and choices. If you have any questions about the Policy, please see the contact information at the bottom of this page.
“Personal Information” or “Personal Data” means any information that relates to an identified or identifiable individual and can include information that you provide to us and that we collect about you, such as when you engage with Verifone services (e.g., device information, IP address, billing info, cardholder data) or when you are visiting Verifone’s Websites.
“Business Services” means the services provided by Verifone to Merchants who directly and indirectly provide Verifone a Shopper's Personal Information (as the cardholder) in connection with those businesses and activities provided to the Shopper by the Merchant.
“Merchant” refers to legal entities such as merchants, partners, affiliates, and their (legal) representatives or personnel.
“Shopper” refers to the individual whose Personal Information is processed as part of Verifone’s business operations when they are purchasing from Merchants who use Verifone’s payment processing services.
“Shopper Services” refers to the Services provided by Verifone directly or indirectly to Shoppers for their own use.
“Websites” means www.verifone.com, www.verifone.cloud.com, and the other websites, apps, and online services that Verifone expressly indicates are covered by this Policy.
“Services” encompasses Websites, Business Services, and Shopper Services.
Depending on the context, “you” means the Merchants and their (legal) representatives or personnel, Shoppers, and Website visitors.
Personal Information We Collect
Information gathered by Verifone is collected in various ways — directly from you, indirectly from third-party sources, or automatically through technology.
- Direct Collection (DC): We collect information directly from you during our interactions. This includes data you provide via forms on our Websites, during transactions, and when you communicate with us directly.
- Indirect Collection (IC): Information may be gathered from third-party partners, affiliates, or from publicly available sources.
- Automatic Collection (AC): We automatically collect certain information using cookies and similar technologies when you browse our Websites.
We process your Personal Information using both manual and automated methods. While some decisions are made automatically, they are reviewed by our team to ensure accuracy and fairness. Not all processing is automated; we maintain a human element in our decision-making processes.
In some instances, providing your Personal Information is mandatory for us to deliver the requested services. Conversely, there are cases where you have the option to withhold your data, such as for marketing preferences. We will indicate mandatory information with an asterisk (*) and optional data with a hash (#) symbol during the collection process.
Collection type | Categories and types of Personal Data collected: | Website Visitors | Shoppers | Merchants |
| DC, AC | Usage of the Website: When you access our Websites, we collect information related to your usage, such as the type of device you use, including its hardware model, unique device identifiers, MAC address, IP address, operating system version, and device settings. We also gather log data detailing the time and duration of your Website visits, search data, and cookie-stored information that uniquely identifies your browser or account. Additionally, we may collect your location data to understand where our services are accessed from, and other data if you visit third-party sites or applications linked to our services. This collection also extends to how you interact with the content on our Website, helping us to tailor and improve your online experience. | X | X | X |
| DC, IC, AC | Communication and enhancement data: information we collect through various forms of interaction with you including support tickets, emails correspondences, and social media engagements. It encompasses details provided when you register for, attend, or view our events, and any Personal Information you post on forums and discussion groups. This data helps us to support you effectively and enhance our service offerings by understanding how you use and engage with our services. | X | X | X |
| DC | # Identity/Verification Information: information which includes access credentials and details necessary to confirm the identity of both Shoppers and Merchants, such as information used for 'MyAccount' services. This may include a range of data provided during account creation, account management, and verification processes to ensure secure access and the integrity of transactions | X | X | |
| DC | # Shopper transaction data: information which includes name and surname, email address, billing address, shipping address, payment method information (credit or debit card number, bank account information, or payment card image selected by the Shopper), Merchant and location, purchase amount, date of purchase, information about the purchased items, phone number, past purchases, (auto)renewal, chargeback, and refunds. | X | ||
| DC | # Merchant’s contractual data: name and surname of the legal representative or contract manager, their signature, professional role or position within the company, and details regarding any authorized personnel. Additionally, we gather contact information such as phone numbers and email addresses, along with the billing, shipping, and main office addresses of the Merchant's business. | X | ||
| DC, IC | # Underwriting Merchant’s data: business information, ownership, and control information, identity information, including ID, financial data, information required for Know Your Customer (KYC) obligations, credit, and financial history. | X | ||
| DC, IC, AC | # Security and fraud prevention data: information to detect and manage fraudulent activity, information to secure Services and transactions against unauthorized access, use, modification, or misappropriation of Personal Data, information, and funds. | X | X | X |
| DC, IC, AC | # Compliance with Legal Obligations data: Underwriting Merchant’s data, Payment-related data, Identity/Verification Information, Shopper transaction data, Security and fraud prevention data, Age data, Sensitive data. | X | X | X |
| DC | # Age data: e.g., imposition of age limits as required by applicable law | X | X | |
| DC, IC, AC | # Payment-related data: including financial data, transaction data, geographic data, processing logs, cardholder information and Shopper transaction data. | X | ||
| DC, IC, AC | Marketing data: Our marketing data collection integrates both structured and unstructured data to build a detailed picture of our Website visitors' and Shoppers' behavior and preferences, which is pivotal for tailoring our marketing strategies. Structured data include customer segmentation variables such as demographic information, purchase history, page views, and engagement metrics across emails and social media platforms, capturing insights into customer interactions, preferences, and responses to our content. Unstructured data come from more open-ended sources such as social media commentary, customer feedback through surveys and support tickets, and visual or textual content shared by users. All marketing activities are contingent upon obtaining consent from the individuals concerned, which can be granted directly to Verifone or via our merchant partners. This consent-based approach ensures our marketing efforts align with our users' interests and comply with privacy regulations. | X | X | X |
| DC | # Sensitive data: We recognize the sensitive nature of certain personal data categories, such as race, ethnic origin, political opinions, biometrics (when used for identification purposes), health-related data, and information on criminal convictions and offenses. Our processing of such sensitive data is limited and occurs only when strictly required by law. We adhere to the rigorous legal standards governing the handling of this information and implement stringent security measures to protect it. Generally, our policy is to avoid processing sensitive personal data unless it is necessary for legal compliance or specific purposes where enhanced data protection measures are mandated. | X | X | |
| AC | # Shopping carts: During the checkout process in shopping carts, we automatically collect additional personal information to facilitate your purchase. This information may include your IP address, browser type, operating system, mobile device identifier, and geographical location. For card payments or other payment instruments, an authorization process is initiated with the issuing bank to verify the transaction, which is an automatic process based on data such as the payment amount, payment location, payment history, payee details, and the specific purpose of the payment. Card payments require such authorization to proceed. We also engage intermediary companies to fulfill legal requirementspertaining to payment processing, such as 3D secure authentication, to ensure the security and compliance of your transactions. | X | X |
How and Why We Use the Personal Information
In general, we will use the Personal Information we collect from you only for the purposes described in this Policy or for similarly compatible purposes, or for purposes that we explain to you at the time we collect your Personal Information.
Generally, we do not rely on consent as a legal basis for the processing of your Personal Data, although we will get your consent before sending marketing communications to you. Nevertheless, you can exercise your rights under applicable data protection laws, at any time by completing an on-line form available here.
In particular, we will use your information for our legitimate business and commercial purposes, including to:
| Purpose of processing | Legal basis of processing |
| Provide the products, Services, or solutions you purchase to carry out the terms of our agreements with you and to manage our business relationship (e.g., processing and fulfilling orders and transactions). | Based on contractual necessity, ensuring the performance of our contractual relationship with you. |
| File taxes on behalf of our Merchants, submitting forms to competent authorities on their behalf; | |
| Pay commissions and provide other contractual benefits; | |
| Provide Business Services to Merchants involving processing of online payment transactions, calculating applicable sales tax, invoicing, billing, and revenue calculation. For Shoppers, when engaging with a Merchant through our Services, Verifone receives transaction information. | |
| Manage and administer the specific business activities of Verifone. This includes overseeing day-to-day operations, strategic planning, and administrative tasks essential for the functioning and success of Verifone's business. The processing of Personal Information for these purposes aligns with our business interests in operating and improving our business, ensuring compliance, and providing efficient and effective services, including ensuring business continuity. | Compliance with legal obligations extends to our financial and regulatory commitments. We process Personal Data to adhere to fraud monitoring, prevention, and detection obligations. This includes compliance with laws related to identifying and reporting illegal activities, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, as well as financial reporting obligations. |
| Collect debts directly by Verifone or through authorized persons based on collaboration/service contracts. | Based on the legal obligations related to money and capital management. |
| Implement and conduct whistleblowing programs. Communication tools are operationalized for reporting violations of Verifone’s Code of Business Ethics & Conduct. | In accordance with our legitimate interest in preventing fraud and illicit activities. |
| Manage and service your account (including activating, registering, or updating products you have purchased from us, e.g., payment terminal). | Based on contractual necessity, ensuring the performance of our contractual relationship with you. |
Provide support service (including sending important notices regarding the updating of our terms, conditions, and policies, products and services warranties, products, and services activation/de-activation, including informing you about similar services, products, and other offerings.
| Based on contractual necessity, ensuring the performance of our contractual relationship with you. |
Improve, upgrade, and enhance our services (including developing new products and services and analyzing our products).
| Driven by legitimate interests, Personal Data might be processed to enhance Services and ensure business improvement. |
Conduct auditing (including credit reference checks and other financial due diligence).
| Based on contractual necessity, ensuring the performance of our contractual relationship with you. |
Perform accounting, auditing, billing reconciliation and collection, and other internal business functions.
| Based on contractual necessity, ensuring the performance of our contractual relationship with you. |
Undertake internal research for technological development (including performing data analysis and processing, market and consumer research, satisfaction research, trend analysis, and financial analysis).
| Engaging in such activities aligns with our legitimate interest in offering products or services that may be of interest to you. |
Undertake activities to verify and maintain the quality and safety of our Service.
| Engaging in such activities aligns with our legitimate interest in offering products or services that may be of interest to you. |
| Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity (including protecting against fraud and other unlawful activity, claims, and other liabilities; establishing, exercising, and defending legal rights; to comply with our legal and regulatory obligations under applicable law; and maintaining the physical security of our premises and electronic security). | Compliance with legal obligations extends to our financial and regulatory commitments. We process Personal Data to adhere to fraud monitoring, prevention, and detection obligations. This includes compliance with laws related to identifying and reporting illegal activities, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, as well as financial reporting obligations. |
| Detect and prevent fraud against Verifone, our Merchants, and our financial partners. This involves identifying unauthorized logins by analysing your online activity. | |
| Perform card verification, namely using the Personal Data of Shoppers to detect and prevent fraud for Merchants. Personal Data may be also provided to Merchants to assess fraud risk associated with transactions. | |
| Ensure compliance (i) to comply with applicable laws, (ii) to adhere to payment method rules, (iii) to enforce contractual rights, (iv) to secure and protect services, rights, privacy, safety, and property, and (v) to respond to valid legal process requests. | |
Operate and manage our Websites and perform debugging to identify and repair errors.
| Based on the legal obligation to maintain the functionalities for providing services 24/7. |
| Comply with legal and regulatory obligations, not limited to complaints handling, consumer protection, and providing online services. | Based on legal obligations regarding consumer protection, including transparency principle and withdrawal right. |
| Comply with any reporting obligations or investigations from government authorities or financial institutions, fulfilling other financial, tax, legal, compliance, or administrative functions. | Based on legal obligations regarding tax, finance, and accounting requirements, including information disclosure upon official requests. |
| Compile statistical or aggregated reports/forms without identifying you. Thus, we may also use your information in an anonymized, de-identified, or aggregated manner that does not enable direct identification of any individual to evaluate and improve our offerings. | Driven by legitimate interests, Personal Data might be processed to enhance Services and ensure business improvement. |
| Performing marketing and advertising activities. Your Personal Information may be utilized to assess your eligibility for additional services and for interest-based advertising and marketing. We are committed to not sharing your Personal Information with third parties for marketing purposes unless explicit permission is granted. We may send you email marketing communications about Verifone products and services, invite you to events, or surveys, or communicate for marketing purposes in accordance with applicable law. | Based on your prior consent for processing this Personal Information. |
Children's Privacy
Our Websites and Services are not directed at children under 16 years old, therefore you will be asked to check the limit age box. We do not knowingly solicit or collect Personal Information from children when offering services of an informational society (except if explicit consent from parent or custodian is obtained prior to such collection is subject to a separate agreement with us or the visit by a child is unsolicited or incidental).
In addition, kindly be informed that the national laws might have a different age threshold at which a child is generally considered to be competent to provide their own consent to processing.
If we discover that accidentally we collected Personal Data from a child, we will remove that child's Personal Data from our records as soon as reasonably possible. If you believe we have mistakenly or unintentionally collected Personal Data of a minor without appropriate consent please contact us and we will take steps to delete their Personal Data from our systems.
Personal Information We Share
At Verifone, we are committed to maintaining the privacy of your Personal Information. We only share your Personal Information with specific categories of recipients under certain conditions:
1. Within Our Corporate Group: for internal operational needs and in instances of business restructuring, we may share data with our affiliates. We ensure that your data is used consistently with this policy. A list of our current group company locations is available here.
2. Service Providers and Partners: we collaborate with third-party service providers and partners who assist in delivering our Services. These entities are obligated to adhere to strict data protection and confidentiality standards.
3. Legal and Regulatory Authorities: in cases required by law, such as for legal proceedings or to protect vital interests, we may disclose Personal Information to authorities.
4. Financial Institutions: for transaction processing, we share necessary Personal Information with banks and other independent payment service providers, who follow their own privacy policies.
5. Upon Your Consent: we will share your Personal Information with other entities when we have your explicit consent to do so.
6. To our affiliates: we may provide your Personal Data to affiliates or related companies for legitimate business purposes such as performance-based marketing.
7. Merchants and their affiliates or partners: Verifone is an e-commerce platform that enables You to access worldwide services and products from different merchants and as such Verifone must share Your personal data for the purpose of processing your order.
How We Protect Personal Information
At Verifone, safeguarding your Personal Information is a priority. We employ a combination of appropriate organizational, technical, and physical measures designed to protect your Personal Information from unauthorized access, destruction, alteration, or disclosure. Our security infrastructure includes advanced technologies like Secure Socket Layers (SSL), firewalls, and digital certificates. Additionally, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) for enhanced protection. While we strive to secure your Personal Information, it's important to acknowledge that no system can guarantee absolute security, especially over the internet. However, we are dedicated to continuously enhancing our security protocols and responding promptly to potential threats.
Because submissions of information over the internet are never entirely secure, we cannot guarantee the security of information you submit via the Internet and such submissions are made at your own risk. We encourage you to play a role in safeguarding your Personal Information by maintaining the confidentiality of your Personal Information.
Data Retention
At Verifone, we retain your Personal Information only as long as necessary for legitimate business purposes, such as providing services, complying with legal obligations, or fulfilling tax and accounting requirements.
Once there is no longer a business need to retain your Personal Information, we will either securely delete or anonymize it. In cases where deletion is not immediately possible, such as when the Personal Information is in backup archives, we ensure it is securely stored and isolated from further processing until deletion is feasible.
As part of our commitment to compliance, particularly for our UK operations under Verifone Payments UK we adhere to specific legal retention periods:
- Individual payment transactions Personal Data is retained for up to five (5) years, or in some cases ten (10) years, as required by Regulation 40(3) and 40(4) of the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, unless they are part of documents that are subject to longer retention obligations.
- Commercial documents and other data relevant under commercial and tax law, such as books or booking receipts, are deleted pursuant to Section 388 (4a) Companies Act 2006. The retention period is 3 years.
- Claim data from returned direct debits are deleted as soon as the claim has been fully settled unless they are part of documents that are subject to correspondingly longer retention obligations pursuant to the above.
Your Rights and Choices
If you are located in: | Each data subject/individual/natural person is entitled to the following data protection rights: |
| European Union or European Economic Area |
|
| United Kingdom | All the rights mentioned above regarding European Union/Economic European Area are applicable also for the United Kingdom. In addition, residents in the United Kingdom have also the following rights:
|
This Policy should be read in conjunction with the above-mentioned regulations, which supplement but do not override it. In cases of discrepancies, the relevant national privacy law will prevail.
We also wish to remind you that in certain circumstances, such as for legal record-keeping or completing ongoing transactions, we may need to retain some of your Personal Information even after you request its change or deletion. For instance, if you make a purchase or participate in a promotion, the related Personal Information may need to be retained until the transaction is fully completed. Furthermore, some of your Personal Information may be kept in our systems as required for compliance with applicable law.
Exercise your Rights and Choices
If you have provided consent for Personal Information processing, remember you can withdraw it at any time. This withdrawal will not affect past processing activities conducted legally prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
Should you have concerns about how we handle your Personal Information, you're entitled to lodge a complaint with your local data protection authority. For authority contact details in the European Economic Area, Switzerland, the UK, and selected non-European countries, please refer to the European Commission's directory available here.
To exercise your rights, please contact privacy@verifone.com and we will consider your request in accordance with applicable data protection laws. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information.
You can also request to exercise your rights under applicable data protection laws by completing our on-line form available here.
Unsubscribe from our Marketing Communications
You also have the right to opt-out of our marketing communications at any time. Simply click the “unsubscribe” or “opt-out” link in any marketing email from us to stop receiving such updates.
Using of Cookies and other Tracking Technologies
At Verifone, we use cookies and other tracking technologies to enhance your website experience and personalize our services. While these cookies don't collect personal information like your name or email, they may be linked to Personal Information you provide us through other channels.
You can adjust your browser settings to reject cookies, but this may affect your user experience on certain parts of our Websites.
For further information, please review our "Cookie Policy".
Links to Third-Party Websites
Our Websites may include links external sites not under our control, including those of our partners and suppliers. Please note that we are not responsible for the content or privacy practices of these external websites. This Policy does not apply to these third-party websites; your interactions on these websites are governed by their respective privacy policies and terms.
International Transfers
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
Specifically, our Websites servers are located in the United States and our third-party service providers and affiliates operate around the world. This means that when we collect your Personal Information, we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Policy. If you are located in the European Economic Area, where we transfer your Personal Information to other countries, we rely on:
- European Commission adequacy decisions, which acknowledge that the non-EEA countries listed here have national laws that protect Personal Information to a substantially similar standard required by European Union law;
- The European Commission’s 2021 Standard Contractual Clauses, which require non EEA recipients of personal information to continue to protect the Personal Information they receive to the standard required by European Union law;
- International data transfer agreement and the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers; or
- Other lawful data transfer mechanisms or derogations from data transfer restrictions.
Further details can be provided upon request. Please see the contact information below.
Changes and Contact
We may change or update this Policy from time to time in response to changing legal, technical, or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.
You can see when this Policy was last updated by checking the “last updated” date displayed at the top of this Policy.
If you have any questions about this Policy, please contact us at:
VeriFone, Inc.
Attn: Legal Department, Data Protection Officer
2744 N. University Drive,
Coral Springs,
Florida 33065
United States
Email:privacy@verifone.com
Verifone Payments B.V./2Checkout (formerly known as Avangate B.V.)
Attn: Legal Department
Singel 250
Amsterdam, Noord-Holland 1016AB
The Netherlands
Email:dpo@2checkout.com
Verifone Payments UK, Ltd.
Attn: Legal Department
1 Mondial Way
Hayes
UB3 5ARUnited Kingdom
Email:dpo@2checkout.com
Verifone Payments GmbH (formerly known as InterCard),
Attn: Data Protection Officer
Karl-Hammerschmidt-Str. 1
85609 Aschheim
Germany
Email: datenschutz.vp@verifone.com