Table of Contents
For companies registered in the United States and Canada.
Last Updated: June 14, 2020
1. Introduction, Acceptance, Definitions, and Modifications
By visiting and / or using the Website, or by clicking the acceptance box upon signing up for an account, you agree to be bound by the terms of the present Policy.
By submitting Personal Information to us or on or through the Website or via other means, you consent to Payment Rails’ collection, use and disclosure of such Personal Information (as that term is defined below) in accordance with this Policy and as permitted or required by law.
The Services may only be used by legally-constituted entities including but not limited to corporations, partnerships, and legal organizations (hereinafter “Legal Entities”). If you are an individual using the Services on behalf of a Legal Entity, you represent and warrant that you have the capacity and authority to accept the Policy on behalf of the Legal Entity, and hereby agree to be the collection, use, and disclosure of Personal Information on behalf of that Legal Entity.
The Website is owned and operated by Payment Rails Inc. (“Payment Rails”), a corporation located at 1800-130 King St. W., Toronto, ON M5X 1E3. Where this Policy refers to “Payment Rails”, it may refer to Payment Rails Inc. and / or it’s affiliates, including Payment Rails CA Inc. (Canada), Payment Rails Ltd (UK), Payment Rails US Inc. (US), and Payment Rails HK Limited (Hong Kong); it’s officers, directors, employees, agents or representatives, depending on the context. Any reference to “we”, “our”, or “us” in this Policy shall also refer to Payment Rails.
In this Policy, a Website visitor or user, or the Legal Entity they represent (depending on the context), may be referred to as “you” or “your”. When a Website user has created an account for the Services, they may be referred to as a “Registered User”. Payment Rails reserves the right to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. If you are a Registered User, it is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If we make any substantial changes to the Policy that materially affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.
Payment Rails reserves the right, at any time and without prior notice, to modify or replace any of the Policy. Any changes to the Policy can be found at this URL. If you are not a Registered User, it is your responsibility to check the Policy periodically for changes. Your use of the Website following the posting of any changes to the Policy constitutes acceptance of those changes. If you are a Registered User and we make any changes to the Policy that affect the way we treat your Personal Information, we will use commercially reasonable efforts to notify you by sending a notice to the primary email address specified in your account or by posting a prominent notice when you log in to your account for the first time following those changes.
If you have any questions about the Policy or if you wish to inquire about and / or access any personal information Payment Rails holds about you, please contact:
Payment Rails Data Protection Officer
or by post:
Payment Rails – Data Protection Officer
130 King Street West, Suite 1800
Toronto, ON M5X 1E3
2. General Statement of Privacy and Protection of Personal Information
Payment Rails understands that privacy is important to both our online visitors and Registered Users. We respect your privacy and will take reasonable steps to protect your information
This Policy covers the treatment of personally-identifiable information, i.e. any information that identifies or relates to an individual, or can be used in conjunction with other information to identify an individual (“Personal Information”). This Policy also covers Payment Rails’ treatment of any Personal Information that Payment Rails may share with its business partners or other third parties under very limited circumstances.
This Policy does not apply to the general practices and treatment of information (whether personal or not) by third parties that Payment Rails does not own or control, including but not limited to any third party websites or services that you elect to access through the Website or via a link from the Website (“Third Party Website”), or to individuals that Payment Rails does not manage or employ. While we attempt to facilitate access or link only to those Third Party Websites that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Websites. We encourage you to carefully review the privacy policies of any Third Party Website you access.
4. No Collection of Personal Information as a Matter of Course
Your Personal Information is only processed (a) with your freely given, informed consent, (b) if the processing is necessary to fulfil a contractual or legal obligation towards you, (c) upon your request to perform an action that requires processing or (d) if we are obliged to do so under applicable laws. We will only process Personal Information for the stated purpose or use and to the extent necessary, as described in the next section of this Policy.
5. Personal Information Collected and its Uses
The following describes the Personal Information collected from you when you use the Website and what we use it for. When you submit Personal Information about third parties, you represent and warrant that you have their permission and consent to submit that Personal Information to us and for Payment Rails to use their Personal Information as described in this Policy. When you submit Personal Information about the Legal Entity you represent, you represent and warrant that you have the capacity and authority to do so.
- “Account Information”. In order to use the Services, you will be required to create an account by entering the following Personal Information: a valid email address, your full name, your company name, your company website, and your phone number. You may also choose to add additional Authorized Users to your account by submitting first and last names and email addresses of additional individuals; this shall also be considered Account Information. This Account Information is used to manage your account, to verify your credentials for logging-in to the Website, to facilitate your use of the Services, and to communicate with you information about your account.
- “Recipient Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services.
- “Third Party Account Information”. In order to make payments to Recipients, you must submit the following Recipient Information: (i) for an individual, first and last name, and a valid email address; or (ii) for a company, business name and a valid email address. We use this Recipient Information to verify the Recipient’s ability to receive a payment, and to facilitate payments to the Recipients through the Services.
In addition to the uses described above, we may also use Personal Information you have submitted:
- To facilitate and improve customer service;
- To send you periodic emails of interest. Please see the Email Communications section further in this Policy for more information.
There may be other instances where we collect and process Personal Information which cannot be sufficiently covered in this Policy. If this is the case, we will notify you at the point of collection of the Personal Information and, if required, will ask for your consent and notify you of the nature and scope of the processing.
We may process your Personal Information for as long as we have a contractual or business relationship with you or, if longer, for the duration required by applicable laws. Note that applicable laws may require us to process your data regardless of your consent and/or for a period considerably longer than the business relationship between us.
6. Security and Encryption of Information
Payment Rails uses industry best practices (physical, electronic and procedural) in keeping any data collected (including Personal Information) secure. In addition, Payment Rails uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Website, and these third parties have been selected for their high standards of security, both electronic and physical. For example, Payment Rails uses Amazon AWS, a recognized leader in secure data, for hosting of the Website and storage of data, including Personal Information. Please note that these third parties may not be located in your home jurisdiction – see the “Transfer of Personal Information Outside Your Home Jurisdiction” section further in this Policy for more information.
7. Non-disclosure of Personal Information to Third Parties
Except as provided in the next paragraph and the sections in this Policy on Use of the Services and Mailing List Management, Payment Rails does not divulge any Personal Information to third parties. Moreover, Payment Rails does not sell, rent, trade or license any Personal Information to third parties. Only the employees, agents, subcontractors, officers, directors, or assigns of Payment Rails (or of Payment Rails’ affiliates) are responsible for the management and development of the Payment Rails service, and only these individuals have access to the information collected. These employees, agents, subcontractors, officers, directors or assigns all have been instructed to comply with the Policy.
8. Use of Personal Information when making Payments
When you use the Services to make payments to Recipients, your Personal Information and that of the Recipient is transferred to Financial Services Providers and Third Party Payment Providers involved in the execution of the payment. Such Personal Information is only used for the making of the payment and to monitor compliance with applicable laws and the rules of the payment scheme in question;
9. Email Communications and Compliance with Anti-Spam Laws
Payment Rails uses SendGrid for sending out transactional emails to you, and uses Intercom and Hubspot to manage our mailing list and send out marketing emails (collectively “Third Party Email Suppliers”). Personal Information is transferred to these Third Party Email Suppliers in order for our email communications to function properly. Your Personal Information is only used for the proper sending out of email; we have agreements in place that ensure that the Third Party Email Suppliers do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party.
We will only send you marketing emails (i.e. emails that are not strictly necessary for the provision of Services to you) if you have allowed us to do so. You may unsubscribe from receiving marketing emails from us at any time by following the link at the bottom of any email sent to you.
Payment Rails’ practices with regards to their email communications are designed to be compliant with anti-spam laws, specifically the law unofficially called “CASL”, or Canada’s Anti-Spam Law or, if you reside in the European Union, with the EU General Data Protection Regulation. If you believe you have received email in violation of these laws, please contact us using the contact information further up in this Policy.
10. Limited Gathering of Information for Statistical, Analytical and Security Purposes.
Payment Rails automatically collects certain information using third-party analytics programs from Google Analytics, Amplitude and Hubspot to help us understand how our users use the Website, but none of this information identifies you personally. For example, each time you visit the Website, we automatically collect your IP address, browser and computer type, access times, the web page from which you came, and the web page(s) you access (as applicable). We use information collected in this manner only to better understand your needs and the needs of the Website users in the aggregate. Payment Rails also makes use of information gathered for statistical purposes to keep track of the number of visits to the Website and the specific pages on the Website with a view to introducing improvements.
11. Verification, Correction and Deletion of Personal Information
You have the right to: (i) verify what Personal Information Payment Rails holds about you, for how long and for which purposes it is being processed and what safeguards are in place to protect it; (ii) ask for your Personal Information to be corrected or updated; (iii) obtain, to the extent possible, a machine read-able copy of your Personal Information held by us; and (iv) withdraw your consent to the use by Payment Rails of your Personal Information and have it deleted from our records. If you wish to inquire about and verify and / or correct Personal Information Payment Rails holds about you, or if you wish to have all your Personal Information permanently deleted from our records, please contact us using the contact information further up in this Policy. Please note that deletion of your Personal Information may make it impossible for you to use the Website, or certain portions thereof. If you request deletion of your Personal Information, Payment Rails reserves the right to retain some of your Personal Information for a reasonable time in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
12. Transfer of Personal Information Outside Your Home Jurisdiction
Website users may access the Website from any country in the world. Payment Rails and its third party vendors, including service providers and hosting partners, are located in the United States, Canada, European Economic Area (EEA), and Australia. You acknowledge that Payment Rails and our third party vendors may be located in jurisdictions or countries where the privacy laws may not be as protective as those in your home country, state, province or other governmental jurisdiction, and consent to the transfer of your Personal Information to such countries.
Without limiting the generality of the foregoing, website users, including Registered Users, in the European Union acknowledge and agree that their Personal Information may be transferred to the United States, Canada or Australia.
Where we are responsible for the selection and supervision of third party vendors that process your Personal Data, we will include selection criteria such as the regulatory and data protection regime in the country where the vendor is located, the technical and operational safeguards the vendor has in place with respect to the processing of Personal Information and any other information obtained during a vendor due diligence process. We will put in place a contract with the vendor that ensures the safe and secure processing of Personal Information in compliance with applicable laws.
13. Monitoring Technology (“Cookies”)
- to facilitate your signing-in to the Website;
- to provide general internal and user analytics;
- to conduct research to improve the content of the Website using analytics programs as described above in this Policy;
- to assist in identifying possible fraudulent activities.
14. Risks Associated with the Internet
Despite Payment Rails’ best efforts to ensure that third parties will not access or obtain your Personal Information through your use of the Website, complete confidentiality and security cannot currently be guaranteed on the Internet. Communication via the Internet may be subject to interception, loss, or alteration. You acknowledge and agree that Payment Rails cannot be held responsible for losses resulting from the transmission of confidential information or Personal Information over the Internet and that such communications are at your own risk, provided always that Payment Rails provides you with the option to securely communicate in accordance with industry best practices (e.g. standard encryption via commonly used protocols).
15. Links to Third Party Websites
16. Limitation of Liability
Payment Rails, its affiliates, or their respective officers, directors, employees, affiliates, agents, partners, principals, licensors, representatives, successors and assigns, will not be held liable for any losses or damages, direct or indirect, pecuniary or not pecuniary, resulting from the misuse of any information collected by any third party, or any misuse of any information collected through the Website not in violation of the Policy.
17. Compliance with Privacy Laws
This Policy and Payment Rails’ practices in general are designed to be in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”, S.C. 2000, c. 5) and the UK Data Protection Act 1998. If you have any questions regarding this compliance, please contact us using the contact information further up in this Policy.
GDPR – If you are an individual residing in the European Union and we are processing your personal information, we comply with the European General Data Protection Regulation (GDPR, officially: “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016”).
Privacy Shield – Payment Rails complies with the requirements of the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area to the United States. Payment Rails has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Payment Rails’ certification, please visit https://www.privacyshield.gov.
If you are an EU citizen and believe Payment Rails is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact us using the contact information further up in this Policy.
Payment Rails has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program. For more information and to submit a complaint regarding Individual data to JAMS, visit: https://www.jamsadr.com/eu-us-privacy-shield. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Payment Rails’ compliance with the Privacy Shield.
© Payment Rails 2020