LAST UPDATED: March 22, 2017
TokenEx, LLC (“TokenEx”, “we”, “us”, or “our”) takes privacy and data protection issues seriously. Our most important asset is our relationship with our user community. We are committed to maintaining the confidentiality, integrity and security of information about our users and their organizations.
TokenEx complies with both the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries and Switzerland, as applicable to each framework. TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, the Privacy Shield Principles or the U.S.-Swiss Safe Harbor Principles, as applicable, shall govern. To learn more about the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, and to view TokenEx’s certification for both, please visit https://www.privacyshield.gov/ and http://www.export.gov/safeharbor/, respectively.
The Federal Trade Commission has jurisdiction over TokenEx’s compliance with the EU-U.S. Privacy Shield Framework.
By submitting or making available personally identifiable information about you and your business through the Site or TokenEx’s services, you agree to the terms of this Policy and you expressly consent to the processing of personally identifiable information in accordance with this Policy. Your personally identifiable information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personally identifiable information may be less stringent than the laws in your country. TokenEx aims to comply with the applicable laws and regulations protecting the privacy of personally identifiable information in the jurisdictions in which TokenEx operates. Where appropriate, specific jurisdictions may require supplemental terms to this Policy in order to comply with local laws.
Scope of this Policy
This Policy covers TokenEx’s treatment of personally identifiable information collected from any merchant (hereafter, a “merchant” or “you”) who uses TokenEx’s tokenization and payment gateway services, as well as our treatment of any other consumer information that we acquire in the course of our business and any other information that we collect on or through the Site.
By accessing and using the Site, you agree that you have read and understand this Policy and you accept and consent to the privacy practices (and any uses and disclosures of information) that are described in this Policy.
Information Collection and Use
TokenEx collects personally identifiable information about you and your business when you register for a TokenEx merchant account. For example, when you register with TokenEx, we ask for your contact information (such as your name, street address, and e-mail address), as well as certain information pertaining to your business and certain billing information (such as your or your business’s bank account number or credit card number). TokenEx may also receive personally identifiable information from its resellers and other business partners.
In the course of processing a payment transaction, we typically receive information related to the transaction from the applicable merchant or financial institution. This normally includes personally identifiable information relating to the payment that the relevant consumer has separately furnished to the merchant or financial institution in requesting or initiating the transaction. As a merchant, you are solely responsible for obtaining all necessary and appropriate consent and authorization from each consumer and other person about whom you share personally identifiable information with TokenEx. Please only share with us personally identifiable information for which you have obtained appropriate consent and authorization from the applicable consumer. Any personally identifiable consumer information shared with us from the applicable merchant or financial institution is treated with the utmost care and security. TokenEx systems are certified as a Level 1 PCI Compliant and all data retention and credit card information is fully encrypted and data security is maintained at the PCI standards as determined by the PCI Security Standard Council. Please see more details about our security practices in the “Information Security” section below.
TokenEx uses the payment-related information that it receives as necessary and appropriate to fulfill requests to process payment transactions, to facilitate billing, and to otherwise deliver payment services. Personally identifiable information about consumers is used by us to process payment transactions and (except as provided in the next section of this Policy) for no other purpose. We may use information that we receive about you (as a merchant) and your business to send you service announcements, newsletters, and periodic notices about specials and new products. In addition, we may retain the content of, and meta-data regarding, any correspondence you may have with us or our representatives, regardless of the subject matter or the mode of communication by which such correspondence is made. This information helps us to improve our products and services, as well as the Site and the content, materials, opportunities, and services that we feature or describe on the Site, and to more effectively and efficiently respond to both current and future inquiries.
We do not acquire any personally identifiable information directly from consumers on the Site. Our Web site is not directed at persons under the age of 18 and TokenEx does not collect or maintain information on our Web site from persons we actually know are under the age of 18. As with many other Web sites, the Web servers used to operate the Site may collect certain nonpersonal data pertaining to users of the Site and the equipment and communications method that they use to access the Internet and the Site. Without combining these data with other sources of information, they do not readily or personally identify individuals. They may reveal such things as the Internet protocol (“IP”) address assigned to an individual’s computer, specific pages that an individual accessed on the Site or immediately prior to visiting the Site, and the length of time spent in a visit to the Site. The purposes for which this information is collected and used include facilitating Site operation and system administration, the generating of aggregate, nonidentifiable statistical information, monitoring and analyzing Site traffic and usage patterns, and improving the content and content delivery with regard to the Site and the content, materials, opportunities, and services that we describe or make available on the Site.
We may also use “cookies” (small text files stored on users’ computers) to help track and customize access and use of the Site. Cookies store and retain information that helps us recognize individuals when they return to the Site following a previous visit. Most popular Internet browser packages allow one to configure the browser so as not to accept cookies. Setting your browser to reject cookies may, however in certain instances, prevent you from taking full advantage of the Site and the materials, products, and services that we make available on the Site.
Information Sharing and Disclosure
Protecting personally identifiable information about merchants and consumers is an important part of our business. We do not sell, share or rent client information to third parties except as described below.
TokenEx will disclose personally identifiable information about you, as a merchant, to third parties (whether other companies or individuals) when: (1) we have your consent to share the information with such third parties; (2) we need to share the information with such third parties to provide the product or service you have requested; or (3) such third parties work on behalf of TokenEx to provide a product or service to you (unless we tell you differently, these third parties do not have the right to use or disclose any personally identifiable information that we provide to them beyond what is necessary for them to perform their duties for us).
We share personally identifiable information about specific consumers with third parties (such as, for example, banks and credit card processors) to the extent necessary for TokenEx to deliver tokenization and payment processing services that are requested regarding such consumers. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, TokenEx is liable for appropriate onward transfers of personal data to third parties.
We also may disclose personally identifiable information to third parties when we believe disclosure is required or appropriate: (1) to comply with applicable laws, regulations, subpoenas, court orders, and the like; (2) to enforce or give effect to written agreements that we are party to (such as, for example, the Merchant Agreement that you, as a merchant, have executed with us); or (3) to protect the rights, property, or safety of TokenEx, its other users, or others. If TokenEx receives an order or subpoena for some or all of the personally identifiable information or determines that it is bound by law to disclose such information, TokenEx shall immediately notify you of such receipt or determination and provide to you a copy thereof. If you request, TokenEx shall cooperate with you in any lawful proceeding to prevent or limit such disclosure. These disclosures may include, for example, exchanging information with other companies and organizations for fraud protection and risk reduction purposes.
Transfer of Personal Information in the Event Of Sale of TokenEx or Its Assets
In the event that TokenEx is sold or transfers some of its assets to another party, your personal information could be one of the transferred assets. If your personal information is transferred, use of your personal information will remain subject to this Policy. Your personal information will be passed on to a successor in interest in the event of a liquidation or administration of TokenEx.
What Choices Do You Have?
When corresponding with TokenEx or our representatives, or when making a request for information, submitting information, or otherwise interacting with us through the Site, you choose what information to supply, what questions to pose and comments to make, whether you wish to receive further information, and by what method of communication that information should be delivered to you. Please take care to share only such information as is needed or that you believe is appropriate. You may opt out of disclosing certain personally identifiable information to TokenEx by contacting TokenEx as provided for in this Policy or simply withholding certain personally identifiable information; however, in doing so we may not be able to provide you the services that you are requesting.
Additionally, if you wish to obtain a copy of, or have access to, the particular data you have provided to us, or if you become aware that any data you have provided is incorrect, and you would like us to correct or delete it, please contact us as set forth below. Before we are able to provide you with any data or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details, including your personal data, to help us to respond to your request. We always will endeavor to respond within an appropriate timeframe to any request. In the event you request that certain data on your account be deleted or removed, please be aware that due to backups in our network, we keep track of past transactions; therefore, you cannot delete data associated with past transactions. It may be impossible to completely delete your data without some residual data due to these backups.
Information security is critical to our business. We use firewalls and other industry standard security technology, as well as industry standard security practices, to protect personal and confidential information that we receive and to prevent that information from being accessed by unauthorized persons. For example, we work to protect the security of personal and confidential information submitted through the Site during transmission by using Secure Sockets Layer (“SSL”) software, which encrypts information. The information that you submit through the Site is gathered on computers, and stored in a data center, protected by industry standard security practices. The number of employees that have physical access to our data center, and to the computer on which personal information is stored, is limited. TokenEx systems are certified as a Level 1 PCI Compliant and all data retention and credit card information is maintained at the PCI standards as determined by the PCI Security Standards Council (https://www.pcisecuritystandards.org).
We also require that any personally identifiable information about consumers that is sent to us through or in connection with the Site be encrypted using SSL encryption.
You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Site and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer. Be sure to appropriately safeguard the login ID and password that you use to access TokenEx’s services, and be sure to sign off of your account when you are finished using it, if you are using a shared computer to access the Site.
Changes to this Policy
TokenEx reserves the right to modify or amend this Policy at any time and for any reason. Please take a look at the “Last Updated” legend at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on the Site. Your use of the Site following these changes means that you accept the revised Policy.
Inquiries, Complaints or Questions about this Policy
If you have any inquiries, complaints or questions about this Policy, please first contact TokenEx by email at info@TokenEx.com or by mail at P.O. Box 521068, Tulsa, Oklahoma 74152-1068. We will work to address your concerns and questions in an appropriate timeframe and manner. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you may invoke the right to settle the dispute by mediation, administered by the International Centre for Dispute Resolution (http://info.adr.org/safeharbor) under its Mediation Rules, before resorting to arbitration, litigation or some other dispute resolution procedure. The services of the International Centre for Dispute Resolution are provided at no cost to you. Further, under certain circumstances and conditions, to the extent your complaints or issues are not resolved by the other available mechanism found in this Policy, you may be eligible to invoice binding arbitration upon the parties for complaints regarding this Policy and our compliance with the EU-U.S. Privacy Shield Framework. For more information regarding binding arbitration and your rights related to the same, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If you have additional questions about this Policy, please contact TokenEx by email at firstname.lastname@example.org or by mail at P.O. Box 521068, Tulsa, Oklahoma 74152-1068.