Effective Date: AUGUST 1, 2018
Who is the Data Controller of Your Personal Information?
Shift4 Payments, LLC, 2202 N. Irving St., Allentown, PA 18109 (“Shift4,” “us,” “we”) is the data controller
If you retain Services directly from an Affiliate or Brand of the Shift4 group company or otherwise do business with that Shift4 Affiliate/Brand and share personal information with that company, that respective company is the data controller in relation to all personal information obtained, processed and used in relation to such personal information.
The use of information provided to us by our customers (each a “Client” and collectively our “Clients”) for the purpose of processing on their behalf shall be limited to the purpose of providing the Service for which the Client has engaged Shift4 or to third-parties as set forth below.
Shift4 acknowledges that you have the right to access your personal information. Shift4 has no direct relationship with the individuals whose personal data it processes on behalf of its Clients. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to Shift4’s Client (the data controller). If requested to remove data we are processing for our Client, we will respond within a reasonable timeframe. We may transfer personal information to companies that help us provide our Services. Transfers to subsequent third parties are covered by the service agreements with our Clients.
Collection and Use of Information
The reasons for using your personal information may differ depending upon the purpose of the collection. Regularly, we use your information for the purposes laid out below. Please read the following section carefully so that you understand the reasons for which we collect your personal information.
We need to collect information about you to provide you with the Services or support that you need from us. The type of information that is collected will vary depending on your request, as well as the country that you may be accessing or using our Services from. Additionally, you can choose to voluntarily provide information to us, for example, when signing up for merchant services or would like to become a developer partner.
Information Provided By You
We collect information you provide when you apply or sign up for our Services, go through our identity or account verification process, authenticate into your account, communicate with us for support, or otherwise utilize our Services.
When you are applying or signing up for our Services, the information we collect can include:
Information We Collect About You From Your Use of Our Services
We collect information about you and your use of our Services. The information that we can collect includes:
Information We Can Collect From Other Sources
We also collect information about you from third parties, including:
How We Use Your Information
We may use information about you for a number of purposes, including:
Providing, Improving, and Developing our Services
Communicating with You About our Services
Protecting our Services and Maintaining a Trusted Environment
Advertising and Marketing
Cookies and Other Technologies
Ads that are delivered by Shift4’s advertising platform may appear on Shift4’s website and the websites of our Affiliates and in the Shift4 Marketplace. You may see ads in third-party environments, based on context like your search query or the channel you are reading. In third-party apps, you may see ads based on other information.
If you want to disable cookies, seek out the policies and/or terms of your internet web browser to manage your browsing privacy preferences. Please note that certain features of the Shift4 website will not be available once cookies are disabled.
As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our product and services, and to gather demographic information about our user base as a whole. Shift4 may use this information in our marketing and advertising services.
In some of our email messages, we use a “click-through URL” linked to content on the Shift4 website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.
Sharing Your Information with Third Parties
We may share information about you as follows:
With Other Users of our Services with Whom You Interact
With our Affiliates
With Third Parties
Business Transfers and Corporate Changes
Safety and Compliance with Law
With Your Consent
Aggregated and Anonymized Information
How Long We Retain Your Information
We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your account, we can retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with the agreements we make with our clients, applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions consistent with applicable law. In addition, personal information processed by Shift4 and/or its Affiliate/Brand companies as a data processor will be removed in accordance with the instructions of the applicable data controller, not to exceed two years.
Shift4 shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Shift4 operates.
Protection of Personal Information
Shift4 takes the security of your personal information very seriously. Shift4 online services such as the Shift4 Marketplace and the Dollars on the Net gateway protect your personal information during transit using encryption technologies required by law and by the PCI Data Security Standard, an international security framework for the protection of cardholder data. When your personal data is stored by Shift4, we use computer systems with limited access housed in facilities using physical security measures.
When you use some Shift4 products, services, or applications or post on a Shift4 forum, the personal information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.
Integrity and Access to Your Information
Shift4 makes it easy for you to keep your information accurate, complete, and up to date. You can help ensure that your contact information and preferences are accurate, complete, and up to date by contacting us at firstname.lastname@example.org. For other personal information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if Shift4 is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
You may also contact us at email@example.com if you would like Shift4 to delete and/or destroy the information that we have retained. This is including location and tracking information, and promotional communications. Certain information we retain cannot be deleted or destroyed in order for us to be able to continue to provide you with our Services and/or products.
EU-U.S. Privacy Shield
Shift4 Payments, LLC, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Shift4 is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Shift4 is responsible for the processing of personal data it receives under the Privacy Shield Framework, including any subsequent transfers to a third party acting as an agent on its behalf. Flexera complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Shift4 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Shift4 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Our Privacy Shield policy, in its entirety, can be found at https://www.shift4.com/PDF/Shift4-Privacy-Shield-Policy.pdf
California Privacy Rights
California law permits residents of California to request certain details about our disclosure of your personal information to third parties for direct marketing purposes during the immediately preceding calendar year. If you are a California resident and would like to request this information, please contact us at firstname.lastname@example.org.
From children under the age of 16 residing in the EU, we will not process any personal information on the ground of a consent.
Third-Party Sites and Services
Shift4 websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties.
Information collected by third parties, which may include such things as location data, transaction data, or contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.
If you purchase a subscription in a third party app, we create an identifier that is unique to you and the developer or publisher which we use to provide reports to the developer or publisher that include information about the subscription you purchased, and other pertinent information. This information is provided to developers so that they can understand the performance of their subscriptions.
Our Companywide Commitment to Your Privacy
To make sure your personal information is secure, we communicate our privacy and security guidelines to Shift4 employees and strictly enforce privacy safeguards within the company.
When a privacy question or access request is received we have a team which seeks to address the specific concern or query which you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.