Privacy Policy
Table of Contents
For companies registered in the United States and Canada.
Last Updated: July 14, 2022
1. Introduction, Acceptance, Definitions, and Modifications
This Privacy Policy (the “Policy”) applies to the website at https://trolley.com (the “Website”) which includes all subdomains present and future, and also includes the use of the “Services”, the proprietary software system that Trolley has developed to facilitate the making of payments to third party individuals or companies around the world (“Recipients”), and as more fully described in the Terms of Use. For further clarity, any mention of the Website in this Policy includes the Services, as the Services are accessed on a subdomain of the Website.
By visiting and / or using the Website, or by clicking the acceptance box upon signing up for an account, you agree to be bound by the terms of the present Policy.
By submitting Personal Information to us or on or through the Website or via other means, you consent to Trolley’s collection, use and disclosure of such Personal Information (as that term is defined below) in accordance with this Policy and as permitted or required by law.
The Services may only be used by legally-constituted entities including but not limited to corporations, partnerships, and legal organizations (hereinafter “Legal Entities”). If you are an individual using the Services on behalf of a Legal Entity, you represent and warrant that you have the capacity and authority to accept the Policy on behalf of the Legal Entity, and hereby agree to be the collection, use, and disclosure of Personal Information on behalf of that Legal Entity.
The Website is owned and operated by Trolley Technologies Inc (“Trolley”), a corporation located at 1 University Ave 3rd Floor, Toronto, ON M5J 2P1. Where this Policy refers to “Trolley”, it may refer to Trolley Technologies Inc. and / or it’s affiliates, including Trolley CA Inc. (Canada), Trolley Payments UK Ltd (UK), Trolley US Inc. (US), and Payment Rails HK Limited (Hong Kong); it’s officers, directors, employees, agents or representatives, depending on the context. Any reference to “we”, “our”, or “us” in this Policy shall also refer to Trolley.
In this Policy, a Website visitor or user, or the Legal Entity they represent (depending on the context), may be referred to as “you” or “your”. When a Website user has created an account for the Services, they may be referred to as a “Registered User”. Trolley reserves the right to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. If you are a Registered User, it is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If we make any substantial changes to the Policy that materially affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.
Trolley reserves the right, at any time and without prior notice, to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. If you are not a Registered User, it is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If you are a Registered User and we make any changes to the Policy that affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.
The Policy should be read in conjunction with the Terms of Use, as both these documents govern your use of the Website.
If you have any questions about the Policy or if you wish to inquire about and / or access any personal information Trolley holds about you, please contact:
Trolley Data Protection Officer
[email protected]
or by post:
Trolley – Data Protection Officer
1 University Ave, 3rd Floor
Toronto, ON M5J 2P1
Canada
2. General Statement of Privacy and Protection of Personal Information
Trolley understands that privacy is important to both our online visitors and Registered Users. We respect your privacy and will take reasonable steps to protect your information.
3. What Does This Privacy Policy Cover?
This Policy covers the treatment of personally-identifiable information, i.e. any information that identifies or relates to an individual, or can be used in conjunction with other information to identify an individual (“Personal Information”). This Policy also covers Trolley treatment of any Personal Information that Trolley may share with its business partners or other third parties under very limited circumstances.
This Policy does not apply to the general practices and treatment of information (whether personal or not) by third parties that Trolley does not own or control, including but not limited to any third party websites or services that you elect to access through the Website or via a link from the Website (“Third Party Website”), or to individuals that Trolley does not manage or employ. While we attempt to facilitate access or link only to those Third Party Websites that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Websites. We encourage you to carefully review the privacy policies of any Third Party Website you access.
4. No Collection of Personal Information as a Matter of Course
Your Personal Information is only processed (a) with your freely given, informed consent, (b) if the processing is necessary to fulfil a contractual or legal obligation towards you, (c) upon your request to perform an action that requires processing or (d) if we are obliged to do so under applicable laws. We will only process Personal Information for the stated purpose or use and to the extent necessary, as described in the next section of this Policy.
5. Personal Information Collected and its Uses
The following describes the Personal Information collected from you when you use the Website and what we use it for. When you submit Personal Information about third parties, you represent and warrant that you have their permission and consent to submit that Personal Information to us and for Trolley to use their Personal Information as described in this Policy. When you submit Personal Information about the Legal Entity you represent, you represent and warrant that you have the capacity and authority to do so.
- “Account Information”. In order to use the Services, you will be required to create an account by entering the following Personal Information: a valid email address, your full name, your company name, your company website, and your phone number. You may also choose to add additional Authorized Users to your account by submitting first and last names and email addresses of additional individuals; this shall also be considered Account Information. This Account Information is used to manage your account, to verify your credentials for logging-in to the Website, to facilitate your use of the Services, and to communicate with you information about your account.
- “Onboarding Information”. In order to become a Merchant and make payments you will be required to submit Personal Information to determine whether you are qualified to use the Services, as more fully described in the Terms of Use. This complete list of Onboarding Information will be made available to you during the onboarding process, but it includes information about you, your Legal Entity, other individuals at your Legal Entity, and certain banking or financial information. In addition, you will be required to upload government-issued identification and other documentation, which shall also be deemed Onboarding Information. We may also request additional Onboarding Information following your initial submission of your Onboarding Information. This Onboarding Information is used to determine your qualifications to become a Merchant and use the Services, to facilitate the execution of your Merchant Agreement with a Financial Services Provider, and to facilitate payments made to Recipients.
- “Recipient Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services.
- “Third Party Account Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services.
In addition to the uses described above, we may also use Personal Information you have submitted:
- To facilitate and improve customer service;
- To send you periodic emails of interest. Please see the Email Communications section further in this Policy for more information.
There may be other instances where we collect and process Personal Information which cannot be sufficiently covered in this Policy. If this is the case, we will notify you at the point of collection of the Personal Information and, if required, will ask for your consent and notify you of the nature and scope of the processing.
We may process your Personal Information for as long as we have a contractual or business relationship with you or, if longer, for the duration required by applicable laws. Note that applicable laws may require us to process your data regardless of your consent and/or for a period considerably longer than the business relationship between us.
6. Security and Encryption of Information
Trolley uses industry best practices (physical, electronic and procedural) in keeping any data collected (including Personal Information) secure. In addition, Trolley uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Website, and these third parties have been selected for their high standards of security, both electronic and physical. For example, Trolley uses Amazon AWS, a recognized leader in secure data, for hosting of the Website and storage of data, including Personal Information. Please note that these third parties may not be located in your home jurisdiction – see the “Transfer of Personal Information Outside Your Home Jurisdiction” section further in this Policy for more information.
7. Non-disclosure of Personal Information to Third Parties
Except as provided in the next paragraph and the sections in this Policy on Use of the Services and Mailing List Management, Trolley does not divulge any Personal Information to third parties. Moreover, Trolley does not sell, rent, trade or license any Personal Information to third parties. Only the employees, agents, subcontractors, officers, directors, or assigns of Trolley (or of Trolley’s affiliates) are responsible for the management and development of the Trolley service, and only these individuals have access to the information collected. These employees, agents, subcontractors, officers, directors or assigns all have been instructed to comply with the Policy.
We may share any Personal Information:
(1) in response to subpoenas, court orders, or legal process, or to establish, protect, or exercise our legal rights or defend against legal claims or demands, or anything substantially similar to the foregoing where we have a legal obligation to comply;
(2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person, or any violation of the Terms of Use or any other agreement between you and us or in order to comply with applicable laws;
(3) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Website infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Website generally);
(4) to a parent company, subsidiaries, joint ventures, or other companies under common control with Trolley (in which case we will require such entities to honour this Policy);
(5) if Trolley merges with another entity, is subject to a corporate reorganisation, or sells or transfers all or part of our business, assets, or shares (in which case we will require such entity to assume our obligations under this Policy, or inform you that you are covered by a new privacy policy).
8. Use of Personal Information when making Payments
When you use the Services to make payments to Recipients, your Personal Information and that of the Recipient is transferred to Financial Services Providers and Third Party Payment Providers involved in the execution of the payment. Such Personal Information is only used for the making of the payment and to monitor compliance with applicable laws and the rules of the payment scheme in question;
Note that the use of our Services is usually covered by the Terms of Use or a Merchant Agreement and these may contain further information relating to our processing of data generally, including the processing of Personal Information. In case of any conflict between the Terms of Use or the Merchant Agreement and this Policy, the former take precedence.
9. Email Communications and Compliance with Anti-Spam Laws
Trolley uses SendGrid for sending out transactional emails to you, and uses Drift and Marketing Cloud (formerly Pardot) to manage our mailing list and send out marketing emails (collectively “Third Party Email Suppliers”). Personal Information is transferred to these Third Party Email Suppliers in order for our email communications to function properly. Your Personal Information is only used for the proper sending out of email; we have agreements in place that ensure that the Third Party Email Suppliers do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party.
We will only send you marketing emails (i.e. emails that are not strictly necessary for the provision of Services to you) if you have allowed us to do so. You may unsubscribe from receiving marketing emails from us at any time by following the link at the bottom of any email sent to you.
Trolley’s practices with regards to their email communications are designed to be compliant with anti-spam laws, specifically the law unofficially called “CASL”, or Canada’s Anti-Spam Law or, if you reside in the European Union, with the EU General Data Protection Regulation. If you believe you have received email in violation of these laws, please contact us using the contact information further up in this Policy.
10. Limited Gathering of Information for Statistical, Analytical and Security Purposes.
Trolley automatically collects certain information using third-party analytics programs from Google Analytics and Marketing Cloud Account Engagement to help us understand how our users use the Website, but none of this information identifies you personally. For example, each time you visit the Website, we automatically collect your IP address, browser and computer type, access times, the web page from which you came, and the web page(s) you access (as applicable). We use information collected in this manner only to better understand your needs and the needs of the Website users in the aggregate. Trolley also makes use of information gathered for statistical purposes to keep track of the number of visits to the Website and the specific pages on the Website with a view to introducing improvements.
Your IP address and other relevant information may be used in order to trace any fraudulent or criminal activity, or any activity in violation of the Terms of Use.
11. Verification, Correction and Deletion of Personal Information
You have the right to: (i) verify what Personal Information Trolley holds about you, for how long and for which purposes it is being processed and what safeguards are in place to protect it; (ii) ask for your Personal Information to be corrected or updated; (iii) obtain, to the extent possible, a machine read-able copy of your Personal Information held by us; and (iv) withdraw your consent to the use by Trolley of your Personal Information and have it deleted from our records. If you wish to inquire about and verify and / or correct Personal Information Trolley holds about you, or if you wish to have all your Personal Information permanently deleted from our records, please contact us using the contact information further up in this Policy. Please note that deletion of your Personal Information may make it impossible for you to use the Website, or certain portions thereof. If you request deletion of your Personal Information, Trolley reserves the right to retain some of your Personal Information for a reasonable time in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
12. Transfer of Personal Information Outside Your Home Jurisdiction
Website users may access the Website from any country in the world. Trolley and its third party vendors, including service providers and hosting partners, are located in the United States, Canada, European Economic Area (EEA), and Australia. You acknowledge that Trolley and our third party vendors may be located in jurisdictions or countries where the privacy laws may not be as protective as those in your home country, state, province or other governmental jurisdiction, and consent to the transfer of your Personal Information to such countries.
Without limiting the generality of the foregoing, website users, including Registered Users, in the European Union acknowledge and agree that their Personal Information may be transferred to the United States, Canada or Australia.
Where we are responsible for the selection and supervision of third party vendors that process your Personal Data, we will include selection criteria such as the regulatory and data protection regime in the country where the vendor is located, the technical and operational safeguards the vendor has in place with respect to the processing of Personal Information and any other information obtained during a vendor due diligence process. We will put in place a contract with the vendor that ensures the safe and secure processing of Personal Information in compliance with applicable laws.
13. Monitoring Technology (“Cookies”)
Trolley uses monitoring technology (“cookies”) on the Website and by using the Website you agree to their use. Cookies are small text files placed on your device when you visit a web site, in order to monitor and analyse use of the site and to improve the user experience. The Website uses “session cookies,” which are necessary to recognise you as a Registered User. Specifically, we may use cookies for the following functions:
- to facilitate your signing-in to the Website;
- to provide general internal and user analytics;
- to conduct research to improve the content of the Website using analytics programs as described above in this Policy;
- to assist in identifying possible fraudulent activities.
Your browser can be set to refuse cookies or delete them after they have been stored. Please refer to your browser’s help section for instructions. Please note that deleting these cookies may reduce your user experience on the Website by requiring you to re-enter certain information, including information required to use the Website and use the Services, such as account login information. Furthermore, deleting cookies may prevent certain functions from working at all. Trolley and its Representatives are not responsible for any function that may not operate after you delete cookies, and shall not be liable for any losses or damages (pecuniary or otherwise) arising from those functions not operating, or having reduced functionality.
14. Risks Associated with the Internet
Despite Trolley’s best efforts to ensure that third parties will not access or obtain your Personal Information through your use of the Website, complete confidentiality and security cannot currently be guaranteed on the Internet. Communication via the Internet may be subject to interception, loss, or alteration. You acknowledge and agree that Trolley cannot be held responsible for losses resulting from the transmission of confidential information or Personal Information over the Internet and that such communications are at your own risk, provided always that Trolley provides you with the option to securely communicate in accordance with industry best practices (e.g. standard encryption via commonly used protocols).
15. Links to Third Party Websites
From time to time Trolley may provide links to other websites or services not covered by the present Policy. We encourage you to read the privacy policy of any website or service linked to from our Website, and to be careful when submitting any information, including your Personal Information, to them.
16. Limitation of Liability
Trolley, its affiliates, or their respective officers, directors, employees, affiliates, agents, partners, principals, licensors, representatives, successors and assigns, will not be held liable for any losses or damages, direct or indirect, pecuniary or not pecuniary, resulting from the misuse of any information collected by any third party, or any misuse of any information collected through the Website not in violation of the Policy.
17. Compliance with Privacy Laws
This Policy and Trolley’s practices in general are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”, S.C. 2000, c. 5) and the UK Data Protection Act 1998. If you have any questions regarding this compliance, please contact us using the contact information further up in this Policy.
GDPR – If you are an individual residing in the European Union and we are processing your personal information, we comply with the European General Data Protection Regulation (GDPR, officially: “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016”).
CCPA – Trolley complies with its obligations under the California Consumer Privacy Act (CCPA) in regards to California consumers whose personal information is collected or processed by Trolley under the Terms of Use.
Privacy Shield – Trolley complies with the requirements of the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area to the United States. Trolley has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Trolley’s certification, please visit https://www.dataprivacyframework.gov/s/.
If you are an EU citizen and believe Trolley is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact us using the contact information further up in this Policy.
Trolley has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program. For more information and to submit a complaint regarding Individual data to JAMS, visit: https://www.jamsadr.com/eu-us-privacy-shield. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.dataprivacyframework.gov/s/. The FTC has jurisdiction over Trolley’s compliance with the Privacy Shield.