Till Payments Privacy Policy

This privacy policy is in accordance with the Privacy Act 1988.

This Privacy Policy (Policy) implemented by Till Payments Global Pty Ltd ABN 36 638 167 370 (Till Payments) explains how personal information and credit related information is collected, stored, used, handled, and disclosed by Till Payments. This Policy also describes the rights and choices available to you regarding the use, access, and correction of your personal information.

In this Policy, ‘Till Payments’, we’, ‘our’, ‘us’ means Till Payments or its subsidiaries and affiliates (Related Entities) responsible for the collection or use of personal information in a specific country.

Till Payments may provide separate privacy notices and additional information at the time we collect Personal Information. This may include additional country specific information in accordance with the applicable laws of the country where such information is being collected.

Please read this Policy carefully to understand what our privacy practices are and the choices you can make about your privacy.

2. Types of Information that we collect

The types of information that we collect depends on the nature of our interaction, the source of the information and the basis of collection i.e., whether it is collected directly from you, from your use of our product and services, from our customers or from other sources.

Information that we collect may be necessary for us to provide you with our products or services including creating you an account, facilitate processing of your payment transactions, or monitoring compliance requirements under the law.

You do not have to provide us with your personal information or credit-related information. However, if you choose not to, we may not be able to provide you with access to our products or services, or assist with your enquiries, or respond to any complaint made to us.

The types of information we collect can be classified into two main categories: personal information including sensitive information, or non-personal information.

2.1    Personal information

We may collect personal information about an individual from:

(a)        Our customers and potential customers i.e., Merchants and Partners – we collect details to verify the identity of our customers and potential customers, assess their eligibility for our products and services, and for ongoing monitoring and fraud prevention. The types of information we may collect includes:

·         full name, date of birth, email address contact details, current and previous addresses, country of citizenship, country of residence and signature.

·         government issued identification numbers (to the extent permitted under the applicable law), such as passports, social security number, driver’s licence, or other national cards issued for identification purposes.

·         other identity information required for credit checks, fraud prevention and risk assessment from third parties including independent identification verification providers, banks, financial institutions, government registries and credit reporting agencies for credit bureau.

·         business name, location and details including merchant name, merchant ID, merchant category code, merchant location where a transaction occurred, and information about transactions processed by the Merchant as applicable.

·         contact information (phone number and email) of the business entity and its personnel who interact with us, such as name, job title, address, telephone number, and email address.

·         Information about individuals’ connection with a legal entity, such as an individual’s role, and whether he or she is a beneficial owner or authorised signatory.

·         financial account information including bank account and credit card/ debit card numbers, bank statements and utility account statements.

·         Profile information including marketing information with respect to preferences for receiving promotional communications for our product and services.

(b)        Customers of our Merchants and Partners – we collect information for and during provision of our services, on behalf of our Merchants and Partners. The types of information we collect may include:

·         Contact details (phone number and email) which allows us to electronically send transaction receipts to the customers of our Merchants and Partners.

·         Transaction data when the payment interface provided by us is used for making payments to the Merchant.

·         Details of the products or services purchased, and information collected automatically using technology provided and activated by Till Payments or its suppliers, as set out in clause 2.1(c).

(c)        Suppliers including potential suppliers and service providers – we collect information to complete due diligence of suppliers and service providers, to communicate with them, for organising the provision of goods and/or services, and to assess their business. The types of information we may collect includes business contact information such as full name, role, mobile number, business address, and details of their key personnel.

(d)        Past, present, and prospective employees – this is information that we may collect directly from the job applicant or from a recruiter as part of our recruitment process. The types of information we may collect and hold about you includes:

·         details to verify your identity including your full name, date of birth, gender, contact details, current addresses, country of citizenship/residency, date of birth and signature.

·         occupation and employment details including employment status and any previous work experience.

·         information in connection with your employment with us (which may include health information, bank account details and your tax file number).  

·         information from or in connection with your resume or job application if you apply for a position with us (including information from referees and to verify your qualifications, work, and academic history).

(e)        Private and publicly available resources – we may collect this information to we or our third-party verification providers may collect information about individuals from publicly available resources (such as accessible government lists) and private or commercially available resources (such as reports or information from credit reporting agencies or fraud prevention agencies) to the extent permitted under applicable law.

(f)         Online surveys, feedback, and contests – we may conduct online surveys, solicit your feedback, or hold contests to better understand your needs, to provide you with enhanced services, to improve our services, and to help you use our services more effectively. If you participate in our online surveys or provide feedback, we may collect information such as your full name, email address, and demographic information. Participation in our surveys or contests, or providing feedback, is completely voluntary and you therefore have a choice whether to disclose this information. We will not share the personal information you provide with other third parties unless we give you prior notice and choice. We may display your feedback or personal testimonial on our website, subject to obtaining your consent. 

2.2    Sensitive Information

Sensitive information is a subset of personal information. We may collect sensitive information during our recruitment process where required or permitted by the law in the country in which you are applying for employment. The types of information we may collect includes racial or ethnic origin, sexual orientation, criminal record, or health information such as disability status.

2.3    Information other than personal information (‘non-personal information’)

When you visit our website or use payment interfaces provided by us, we and our service providers may automatically collect information about your visit, such information is not personal information as it does not reveal your identity. We use this information to help us improve our services and for marketing purposes. We may aggregate this information for our own statistical purposes provided that it remains anonymous, we may disclose the aggregated information to third parties, commercialise or publish it for marketing or research purposes.

(a)        Site visit information – when you visit our site, we may record your server address, the date, time and duration of your visit, the search terms you used, the pages you viewed, any documents you downloaded, the type of device, browser, and operating system you used, the manufacturer and model device identifier, and general location information.

We use Internet Protocol (also known as ‘IP’) addresses to analyse trends, execute the web sites, track our users' activities, and gather broad demographic information for aggregate use. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.

(b)        Cookies – a cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users. We use cookies to hold anonymous site visit information. This information is used to personalise your current visit to the website. It may also be used as a basis for targeting online advertising. Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies or to notify you when they are being used. Rejecting cookies can, however, limit the functionality of our websites. For more information about our use of cookies, please refer to para 5 of this Policy.

3. How and why, we use your personal information (or Purpose)

Collection and use of your personal information

This Privacy Statement explains what personal data Till Payments (“Till Payments” or “we” or “us”) collects from you, through our interactions with you and through our website, products or services, and how we use it. It also describes your choices regarding use, access and correction of your personal information.

Your privacy is important to us. To protect your privacy, we provide this Privacy Statement explaining our information practices and the choices you can make about the way your information is collected and used. Please read this Privacy Statement carefully to understand what we do and the choices you can make.

To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live, including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.

Till Payments adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Till Payments is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.

Till Payments is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on Till Payments behalf. Till Payments complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Till Payments is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Till Payments may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

To provide the services and to reduce the risk of fraud, Till Payments may ask you for personal information. This Privacy Statement describes the personal information we collect from you, and how we use that information. We will use your personal information only in accordance with the terms of this Privacy Statement. We will not sell or rent your personal information or provide a list of our customers to third parties. However, there are limited circumstances in which some of your information will be shared with third parties under strict restrictions, so it is important for you to review the details of this Privacy Statement.

4. To whom we disclose your Personal Information

We may disclose your personal information to our Related Entities, to third parties that provide products and services to us or through us, or to other third parties specifically permitted by you or as permitted under applicable laws including:

(a)        With Related Entities and within organisation- We may disclose your personal information with our Related Entities for purposes consistent with this Policy.

(b)        With our customers including Merchants and Partners - We provide services on behalf of our customers (i.e., Merchant or Partner) and we may from time-to-time share your information with them for processing.

(c)        Card Schemes and Banks - As part of transaction processing, we may be required to share your information with other participants in the payment ecosystem not limited to Banks and Card Schemes.

(d)        Third-party service providers and suppliers – We may disclose your information with third-party service providers and supplier where we engage them to supply us or assist us in providing products and services to you.

(e)        Agencies that assist with credit checks, identify verification and fraud protection - as part of the onboarding of our customers (Merchants and/or Partners), we are obliged to assess and conduct verification of their identity and financials, and to complete a background check. We use personal information to verify details against databases maintained by third-party service providers. These third-party service providers may include but are not limited to banks, financial institutions, credit reporting bodies, identification service providers and identity verification agencies. These third parties assist us with detecting and responding to fraud or money laundering to ensure that we comply with our contractual, legal, and regulatory obligations.

(f)         Professional advisors – We disclose personal information to professional advisors, such as such as lawyers, bankers, auditors, and insurers who provide advice or perform functions on our behalf, where necessary in the course of the professional services that they render to us.

(g)        Compliance with laws, law enforcement, and regulatory and government bodies – we may disclose your personal information to regulatory or government bodies, law enforcement agencies or other authorities or organisations as required or authorised by law.

(h)        Business Transfers - As with any other business, it is possible that in the future we could merge or partner with, or be acquired by, another company. If such an acquisition occurs, the replacement company would have access to personal information maintained by us. We may also disclose certain information to a purchaser, potential purchaser, or investor. In all these cases we will make reasonable efforts to make the recipient aware of this Policy.

(i)         Any other person or entity with your consent - we may transfer your personal information to any third-party who is not otherwise covered by the categories above. For example, this may include a nominated referee as elected in a job application.

5. Use of cookies and similar technologies

Till Payments uses cookies and similar technologies when you interact with our online payment interface or access our website. Information collected via cookies is used for several purposes and depends on the product and services accessed by you. Cookies are widely used to make websites work, or work in a better, more efficient way. Cookies and automated technologies can be set up by us or our third parties who assist us with our delivery of services.

5.1 - Types of cookies we may use

The types of cookies that we may use include:

(a)        Storing your Preferences and Settings - Settings that enable our website to operate correctly or that maintain your preferences over time may be stored on your device. For example, we save preferences, such as language or browser and multimedia player settings, so that your preferences do not have to be reset each time you return to our website. If you opt-out of interest-based advertising, we store you opt-out preference in a cookie on your device.

(b)        Sign-in and Authentication - When you sign into our website using your personal Till Payments account, we store a unique identification number and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information on your device so that you do not have to sign in each time you return to the site.

(c)        Security - We use cookies to detect fraud and abuse of our websites and services.

(d)        Social Media - Some of our websites include code snippets provided by social media companies that can sense if you are already logged into a given social media account. This allows you to easily share Till Payments’ content with other social media users via your social media account. These code snippets read cookies set previously by the social media company’s web content while you are logged in and browsing such content on the social media site.

(e)        Interest-Based Advertising - Till Payments uses cookies to collect data about your online activity and identify your interests so that we can provide advertising that is most relevant to you. You can opt out of receiving interest-based advertising by changing the privacy and security settings on the device and/or the platform used to browse the website which will allow you to limit our use of information.

(f)         Analytics - To provide our products and services, and improve your user experience on our website, we use cookies and other identifiers to gather usage and performance data. For example, we use cookies to count the number of unique visitors to our website and to develop other statistics about the operations of our products and services. This includes cookies from Till Payments and from third-party analytics providers.

(g)        Performance - Till Payments uses cookies for load balancing to ensure that websites remain up and running.

5.2 - How to control cookies

Most web browsers automatically accept cookies and provide controls that allow you to block or delete them. For example, in most modern browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies. Instructions for blocking or deleting cookies in other browsers may be available in each browser's privacy or help documentation.

Certain features of our products depend on cookies. Please be aware that if you choose to block cookies, you may not be able to sign in or use those features, and your preferences that are dependent on cookies may be lost.

If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated.

1.3 - Opting out of Analytics Services

For analytic services, we use third-party analytics providers to:

·         inform, optimize, and serve ads based on your past visits to our website; and

·         find out how ad impressions, ad services, and your interactions with these ad impressions and ad services, are related to visits to our website.

You can opt-out of data collection or use by our third-party analytics providers via the following links:

·         AppsFlyer: www.appsflyer.com/optout

·         Flurry Analytics: https://aim.yahoo.com/aim/us/en/optout/

·         Google Analytics: tools.google.com/dlpage/gaoptout (requires you to install a browser add-on)

·         Kissmetrics: kissmetrics.com/user-privacy

·         Mixpanel: mixpanel.com/optout

·         Nielsen: www.nielsen-online.com/corp.jsp?section=leg_prs&nav=1#Optoutchoices

·         Omniture (Adobe): www.d1.sc.omtrdc.net/optout.html

·         Visible Measures: www.visiblemeasures.com/viewer-settings-opt-out

·         WebTrends: ondemand.webtrends.com/support/optout.asp

6. Cross border disclosure of personal information

We are a global business with offices across Australia, Canada, New Zealand, United Kingdom and the United States. To provide our products and services, we engage third-party service providers, resources, and cloud-based processes, who may be outside your specific country. We use reputable service providers and ensure they have appropriate controls and contractual obligations relating to security of data as required by law in the country where information is being collected.

7. How we keep your data safe and for how long

The quality and security of your personal information is important to us and to the products and services that we offer to you. We take commercially reasonable precautions consistent with applicable regulatory requirements to ensure that any personal information we hold is kept secure and protected against any loss or unauthorised access. While we strive to use commercially reasonable means to protect your personal information no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

We employ contractual, administrative and security measures to protect against any unauthorised access or disclosure, with procedures and mechanisms put in place to monitor and deal with any suspected data breach.

We limit access to personal information to only such employees, contractors and service providers who have a business need to know and for purposes as set out in this Policy.

We will retain your information for as long as needed to provide you with our products and services, for as long as necessary to comply with our legal and/or regulatory obligations, to resolve disputes, and administer our agreements.

If you would like to cancel your account or request that we no longer use your information to provide you with any products or services, please let us know by emailing us on Privacy@tillpayments.ccom.

You may request that we delete your personal information. If we no longer need your information and are not required by or under a law or court/tribunal order to retain your information, we will take necessary steps to destroy the information. Where deletion is not possible, we will ensure that the information is de-identified.

8. How to access and update your personal information

If we hold personal information about you, you have the right to:

·         access your personal information; and

·         request that we correct any inaccurate or incomplete personal information about you.

You can do this by making a request to us via email: Privacy@tillpayments.com. Please also refer to the ‘Contact us’ section below.

Before we action your request, we may need to verify your identity to ensure that you are authorised to make such a request. We will respond to your request within a reasonable timeframe and in compliance with the law, by either providing you with:

·         access to the personal information you requested; or

·         a written notification that your request has been refused, and the mechanisms available for you to make a complaint about our refusal.

9. Changes to the Policy

We reserve the right to amend the Policy from time to time as may be required. If we make any amendments to the Policy, we will publish the updated Policy on our Website. The updated Policy will be effective from the ‘Effective Date’ listed.

If there are material changes made to the Policy and where required by law, we will provide you with reasonable notice of the changes via email.

Your continued use of our products and services after we publish our or email you about our updated Policy will indicate your acceptance of the terms of the updated Policy.

10. Children’s personal information

We recognize the importance of children's safety and privacy on the internet. For this reason and to comply with certain laws, we do not intentionally collect personal, individually identifiable information from children under the age of 13, nor do we offer content targeted to children under 13.

11. Contact us

General enquiries

If you wish to contact us about the Policy or our Personal Information handling processes, including if you would like to access, update, or correct your personal information held by us, you should use the country-specific contact details below. If you are contacting us via email, you should use the general enquiries email address listed below.

Complaints

If you wish to contact us via email to make a complaint in relation to a breach of your privacy, you should use the complaints email address listed below. Please address your privacy complaint to the ‘Privacy Officer’.

If you make a complaint, your complaint will be handled in accordance with our Global Complaints Handling Policy. If you are not satisfied with our response, you may escalate your complaint to the country-specific external body as set out below:

Australia

Contact Details:
External Body:

Canada

Contact Details:
External Body:
  • Name: Office of the Privacy Commissioner of Canada (OPC)

  • Address: 30 Victoria Street
    Gatineau, Québec
    K1A 1H3

  • Link to contact form: Contact the OPC

New Zealand

Contact Details:
External Body:

United States

Contact Details:
External Body:

(For California residents)

  • Name: Attorney General, State of California Department of Justice  

  • Address: Office of the Attorney General
    P.O. Box 944255
    Sacramento, CA 94244-2550 

  • Link to contact form: Contact the OAG

(For all other US jurisdictions)

  • Name: Consumer Financial protection Bureau

  • Address: PO Box 27170 Washington, DC 20038

  • Link to contact form: Contact the CFPB

United Kingdom

Contact Details:
  • Name: Till Payments Solutions UK Ltd

  • Address: 2nd Floor 55 Ludgate Hill, London, England, EC4M 7JW

  • General enquiries and Complaints email: Privacy@tillpayments.com

External Body:
  • Name: Information Commissioner’s Officer

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire
    SK9 5AF 

  • Link to contact form: Contact us | ICO

12. Additional Country-specific provisions

12.1

Australia

Till Payments Solutions Pty Ltd ABN 64 160 726 349.

In Australia, we comply with Australian privacy legislation including the Privacy Act 1988 (Cth). The Privacy Act 1988 (Cth) sets forth 13 Australian Privacy Principles (the “APPs”) to set standards for collection, use, storage, and security of personal information.  The APPs also include rights for an individual to access personal information an organization may hold that relates to that individual and/or to correct such personal information. These APPs can be found here www.oaic.gov.au

If you would like to escalate a complaint you have made to us about our privacy practices, you may contact the Office of the Australian Information Commissioner. Till Payments will cooperate with external complaints handling or investigations into our privacy practices by the Office of the Australian Information Commissioner or any other authorised regulator. Till Payments will comply with any lawful orders, decisions, or directions made in relation to our privacy practices by an authorised regulator or Court.

We comply with the Spam Act 2003 and Spam Regulations 2021 and all messages are sent in accordance with the requirements under the act.

 

Canada

Till Payments Canada Corp.

In Canada, we comply with the  privacy legislation in Canada including the Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA sets out 10 Privacy Principles of Canada which are listed in Schedule 1 of PIPEDA. These 10 Privacy Principles are also known as the 10 Fair Information Principles and can be found here.

We comply with Canada’s anti-spam law (CASL) including the regulations made under this act ie. Electronic Commerce Protection Regulations (ECPR).

In accordance with the CASL, Till Payments will only send you a commercial electronic message within, from or to Canada with your consent unless an exemption applies.

New Zealand

Till Payments Solutions NZ Limited NZBZ 9429048556934.

In New Zealand, we comply with New Zealand privacy legislation, including the Privacy Act 2020 NZ. Privacy Act 2020 NZ sets forth 13 information privacy principles (the “IPPs”), which set standards for the for the storage and security of personal information, data minimization, limits on disclosure and use, and the manner for collecting personal information, as well as an individual’s rights of access and correction.  These IPPs can be found here.

If you would like to escalate a complaint you have made to us about our privacy practices, you may contact the Office of the Privacy Commissioner. Till Payments will cooperate with external complaints handling or investigations into our privacy practices by the Office of the Privacy Commissioner or any other authorised regulator. Till Payments will comply with any lawful orders, decisions, or directions made in relation to our privacy practices by an authorised regulator or Court.

We comply with Unsolicited Electronic Messages Act 2007 and all messages are sent in accordance with the requirements under the act.

United States

Till Payments LLC

In United States, we comply with the United States privacy legislation including the Gramm-Leach-Bliley Act (GLBA) and the California Consumer Privacy Act (CCPA). The GLBA strives to protect NPI, or non-public personal information, which is any information that is collected regarding an individual’s finances that is not otherwise publicly available, and the CCPA is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States.

If you are a California resident, you have additional rights in relation to your personal information under certain circumstances:

1.     to know about the personal information, we collect about you (including the source for collection) and how we use it and share it;

2.     to request a copy of your personal information that we hold;

3.     to have your personal information deleted;

4.     to opt-out of the sale of your personal information;

5.     to not be discriminated against for exercising any of your rights under the CCPA.

We comply with Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) and all messages are sent in accordance with the requirements under the act.

 

United Kingdom

Till Payments Solutions UK CRN 09184259

In addition to the Policy, Till Payments complies with privacy legislation in the United Kingdom, including the UK General Data Protection Regulation (UK GDPR). The UK GDPR sets out seven key principles, these principles can be found here.

The UK GDPR provides the following rights for UK residents under certain circumstances:

1.     to be informed about the collection and use of your personal information;

2.     to access and receive a copy of your personal information;

3.     to have inaccurate personal information rectified;

4.     to have your personal information erased;

5.     to restrict the processing of your personal information;

6.     to object to the processing of your personal information;

7.     on your request have your information transferred to a third party (data portability); and

8.     to restrict us from making solely automated decisions, including those based on profiling, that have a legal or similarly significant effect on you.

Further details on the rights are found here.To exercise any of your rights under the UK GDPR, please contact Privacy@tillpayments.com. We will respond in accordance with our requirements under the UK GDPR.

If you would like to escalate a complaint you have made to us about our privacy practices, you may contact the Information Commissioner’s Officer. Till Payments will cooperate with external complaints handling or investigations into our privacy practices by the Information Commissioner’s Office or any other authorised regulator. Till Payments will comply with any lawful orders, decisions, or directions made in relation to our privacy practices by an authorised regulator or Court.

We comply with The Privacy and Electronic Communications (EC Directive) Regulations 2003 and all messages are sent in accordance with the requirements under the act.