1. OUR COMMITMENT TO PRIVACY

ePayment, LLC (“ePayment” “we” “our”) is the owner and operator of this and other websites within our family of companies (collectively “Website”). The products and services we offer represent tech-enabled payments solutions for a wide variety of industries. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or device (“personal information” or “PI”). We are committed to protecting any PI collected while providing those services. You have the right to know the PI that is being collected, to know if it is being sold or shared, and to whom, to object to the sale of PI, to access your PI, and to equal service and price, even for consumers who exercise their privacy rights. This Privacy Policy applies to all visitors to this website and anyone else who accesses or uses our products and services. WHEN YOU ACCESS THE WEBSITE, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, OR TO ANY CHANGES WE MAY SUBSEQUENTLY MAKE, IMMEDIATELY STOP ACCESSING THE WEBSITE.

2. THE PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT

How we collect and store information depends on the products and services you use. You can use some of the Website without providing any information other than that automatically collected as described below:

• Log data: Our servers automatically record information when you access the Website, the type of browser you are using and its settings, the third party website you visited immediately prior to accessing the Website, the operating system you are using, the domain name of your internet service provider, the search terms you use on the Website, the specific pages of the Website you visit, and the duration of your visits. 
  
• Cookie data: Like many websites, we use “Cookies” to obtain certain types of information when your web browser accesses the Website. “Cookies” are small text files that we transfer to your computer’s hard drive or your web browser memory to enable our systems to recognize your browser and to provide convenience and other features to you, such as recognizing you as a frequent user of the Website. We may use “session cookies” (cookies that last until you close your browser) or “persistent cookies” (cookies that last until you or your browser delete them). Examples of the information we collect and analyze from cookies include your activity on the Website, including the URL you come from and go to next (whether this URL is on our site or not).
  
• If the Website contains link through to third party websites, those processes may involve  the placement of third party cookies on your machine or device. Please be aware that we  do not control these third party websites or any of the content contained on those websites,  including the third-party cookies used for these purposes. The inclusion of links to third party websites in no way constitutes an endorsement by us of such websites’ content,  actions, or policies.
  
• If you are concerned about the storage and use of cookies, you may be able to direct your  internet browser to notify you and seek approval whenever a cookie is being sent to your  web browser or hard drive. You may also delete a cookie manually from your hard drive  through your internet browser or other programs. Please note, however, that some parts of  the Website may not function properly or be available to you if you refuse to accept a  cookie or choose to disable the acceptance of cookies.
  
• Experience data: We collect other PI that is voluntarily provided by you from time to time  if you respond to surveys, polls or questionnaires, and/or website registration forms. Such  PI may include personal preferences, opinions and experiences with our products and  services, and may be provided anonymously. 
  

In addition to the PI automatically collected, we may also collect PI about you: when you complete  and submit registration forms, applications or other forms; from third parties, consumer-reporting  agencies, fraud monitoring providers, commercial databases or know your customer providers  (KYC); and transactions with us or our affiliates. This PI may include name, address, web address,  IP address, URL, email address, phone number, payment transaction information, financial and  credit card information, date of birth, government identifiers associated with you and your  organization (such as your social security number, tax number, or Employer Identification  Number), merchant or other customer identification.  

The information we have collected in the last 12 months, and may collect in the future, whether  automatically, from you, or from third parties, fall into the following categories: personal  identifiers, personal information listed in the California Customer Records Statute (Cal. Civ. Code  1798.80(e), protected classification characteristics such as race, commercial information,  biometric information, internet or other similar network activity, geolocation data, sensory data,  professional or employment related data, non-public education information, and inferences drawn  from other personal information. As discussed below, you may have the right to request  information on the specific categories we collect about you. 

*Please note – we may collect information that is deemed to be educational information, such as  student name and education records, when you use our education services. This PI may also be  protected by other state and/or federal laws, including the Family Education Rights and Privacy  Act, as detailed in the terms and conditions governing your use of those services. 

3. USE OF PERSONALLY IDENTIFIABLE INFORMATION

We use the PI we collect in a variety of ways that are appropriate, based on legitimate interests or as authorized by applicable law, which may include:

• Analyzing website traffic, which allows us to improve the design and content of the Website 
  
• Legal, regulatory or law enforcement purposes, including compliance with local and national laws (including card brand rules and requests from law enforcement and regulatory authorities); enforcing our legal rights and satisfying our legal obligations, including, without limitation, any reporting or disclosure obligations under applicable law or regulations or subpoena, court order or other judicial or administrative process, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; conducting our own due diligence checks, preventing, detecting and prosecuting fraud or crime or to assist others in doing so; assisting in investigation by third-party vendors, financial organizations or third parties of suspected criminal activity; assessing financial and insurance risks; notifying you about important changes or developments to the Website or our services, recovering debt or in relation to your insolvency, including tracing your whereabouts; identifying and monitoring for fraud; maintaining internal record keeping and reporting; preparing and furnishing compilations and analyses as well as other reports of aggregated and anonymized PI; checking your personal or business credit status/profile and identity; and recording and tracking details of your transactions or your customer’s transactions
  
• Evaluating credit risk, including conducting our own due diligence checks; checking your personal or business credit status/profile and identity; recording and tracking details of your transactions or your customer’s transactions; maintain internal record keeping and reporting; identifying and monitoring for fraud; assessing financial and insurance risks; mitigating PI security, sector or credit risk; and commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around cardholder transaction patterns and usage
  
• Fraud monitoring, including monitoring merchant or other customer transactions in an effort to detect and prevent fraud; maintaining internal record keeping and reporting; preparing and furnishing compilations and analyses as well as other reports of aggregated and anonymized PI; and providing or developing more innovative and effective fraud monitoring services for our merchants or other customers
  
• Maintaining Security, including conducting our own due diligence checks;  administering the Website and services for internal operations, including troubleshooting; keeping the Website and services safe and secure; maintaining internal record keeping and reporting; identifying and monitoring for fraud; and mitigating PI  security, sector or credit risk 
  
• Marketing, including marketing or market research; performing analysis and comparisons; maintaining internal recordkeeping and reporting; improving and developing our business; providing PI about the Website and services you requested, purchased or which may be of interest to you; providing or developing more innovative and effective services for our partners, merchants or other customers; communicating with you; creating promotional materials, social media site integration and interaction; notifying you about important changes or developments to the Website and services; improving the Website and services, and ensuring content is presented in effective way; allowing you to participate in interactive features of the Website
  
• Product development, including providing or developing the Website and services to be  more innovative, user friendly and effective; maintaining internal recordkeeping and  reporting; preparing and furnishing compilations and analyses as well as other reports  of aggregated and anonymized PI 
  
• Customer Service/Account Management, including enabling you to contact us;  providing training; authorizing and establishing commercial user and merchant accounts; maintain internal recordkeeping and reporting; enabling you to upload and/or  store PI; obtaining your views on the Website and services; allowing you to participate  in interactive features of the Website; responding to any inquires by you; providing the  Website and services to you and your business; subscribing you to our services;  registering your use of services where applicable, processing your application for  services; and notifying you about important changes or developments to the Website or  services 
  
• Operations, including IT, security and analytics services 
  
• Risk Management, including fraud mitigation and management, authentication and  acceptance 
  
• Transaction Processing, including compliance monitoring, card brand operations,  disputes/charge-backs, capturing payments, settlement, gateway services, pre-paid card processing and program management and authorization 
  

4. HOW AND WHEN WE SHARE PERSONALLY IDENTIFIABLE INFORMATION

We only share your PI with third parties, as outlined below:

• Legal or regulatory purposes, including when required or permitted to do so by law or  regulations, including for tax purposes or to comply with financial services regulations;  in the course of litigation; when following requests from governmental or public  authorities; and when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of  others 
  
• Business purposes, including improving and developing our business, business partners,  suppliers and sub-contractors for the performance of any contract we may enter into with  them or you, transferring PI and/or assets in the event of a merger, acquisition, sale,  bankruptcy filing, or other corporate restructuring (if we or substantially all of our assets  are acquired by a third party, in which case PI held by it about its customers will be one  of the transferred assets); and if we sell or buy any business or assets, in which case we  may disclose your PI to the prospective seller or buyer of such business or assets 
  
• Commercial purposes, we collect information from official records, such as tax records,  driving records, criminal and civil court records that are generally publicly available that may be shared with third parties.  
  

Suppliers who assist us with the provision of its services, including fulfilling or processing  application forms, processing payments; managing credit, security, sector and fraud risk,  market research and survey activities.

• Email communications, including use your email address to respond to your questions or  comments, and we may save your questions or comments for future reference. We may  email you when you inquire about our business or our family of companies or our products  and services or when you consent to being contacted by email for a particular purpose.  For security reasons, we do not recommend that you send personal PI, such as passwords,  social security numbers, or bank account PI, to us by email.
  
• Transfer of Assets, including the sale or purchase of all or substantially of our assets as  we continue to develop our business, or if any bankruptcy or reorganization proceeding is brought by or against us, PI will be transferred to and used by an acquiring entity or third  party. 
  

To the extent we are deemed to “sell” your non-public personal information (as the term “sell” is  defined under law, such as the California Consumer Privacy Act), you have the right to opt-out of  that “sale” on a going-forward basis at any time. “Third parties” with whom we have shared PI  in the last 12 months, and may share with in the future, may include, but not be limited to, service  providers, governmental authorities, buyer in the event of a sale, contractors, third parties who  market their products and services to the individual, subsidiaries and affiliates, and in some cases with customers (like schools and landlords).  

Notwithstanding anything herein to the contrary, we reserve the right to disclose any PI about you  if we are required to do so by law, with respect to copyright and other intellectual property  infringement claims, or if we believe that such action is necessary to fulfill a government request;  conform with the requirements of the law or legal process; protect or defend our legal rights or  property, the Website, or other members of our family of companies; or in an emergency to protect  the health and safety of the users of the Website or the general public.

5. YOUR RIGHTS AND CHOICES

Our goal is to provide you with simple and meaningful  choices about how your information is used. If you are a visitor to our Website or a customer,  merchant or partner, you control your choices by your selections when you set up your account  with us, for example to control the email you receive from us. Your account information will be  retained in our database and maintained for future orders or transactions and as required under  applicable law, rules, and/or regulations. It is your responsibility to ensure that the account  information is accurate and you should update the information as necessary. We do retain  information concerning transactions other than PI. For example, we retain non-personally  identifiable data concerning the number, frequency, size and purpose of transactions. You have a  right to inspect and review your account information, including your PI. If you request it, we will  provide you with a copy of your account information. 

You may request, up to twice in a 12-month period, the following information about the PI we  have collected about you during the past 12 months, the categories and specific pieces of PI we  have collected about you, the categories of sources from which we collected the PI, the business  or commercial purpose for which we collected the PI, the categories of third parties with whom  we shared the PI, the categories of PI about you that we disclosed for a business purpose, and the  categories of third parties to whom we disclosed that information for a business purpose. Subject  to certain limitations under applicable law, you may request that we delete the PI we have  collected. To submit a request to exercise any of the rights described above, you may contact us  by emailing support@epayment.one or calling 855-844-5586. We may need to verify your  identity before responding to your request, such as verifying that the email address from which  you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.  

• Cookies and Automatic Data Collection Technologies. You can set your browser to refuse  all or some browser cookies, or to alert you when websites set or access cookies. However,  if you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. If you do not want Google Analytics to be used in  your browser, Google Analytics provides an op-out tool which can be found here. You can  opt-out of Adobe Analytics by using Adobe’s opt-out browser add-on at http://www.adobe.com/privacy/opt-out.html. In some cases, you may be able to set your  browser or email program to not download web beacons. 
  
• California Shine the Light Law. California’s “Shine the Light” law (Civil Code Section §  1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not engage in this type of disclosure. 
  
• Nevada Residents. Nevada residents have the right to opt out of the sale of certain “covered  information” collected by operators of websites or online services. We do not sell covered  information, as “sale” is defined by such law, and have no plans to sell this information. 
  

6. OUR COMMITMENT TO SECURITY

We value your confidence and have implemented  administrative, technological and physical security measures we consider reasonable and  appropriate to protect against the loss, misuse and alteration of the PI under our control. We cannot,  however, guarantee or warrant the security of any PI you disclose or transmit to us online and are  not responsible for the theft, destruction, or inadvertent disclosure of your PI. We recommend that  you take steps to protect the privacy and security of your personal and payment PI and your activity  while using the Internet. Where we have given you (or where you have chosen) a password  or access code enabling you to access certain parts of the Website, you are responsible for keeping  this password and/or access code confidential. You should not share your password or access code  with anyone and you should use all reasonable methods to ensure that there is no unauthorized use.  You therefore authorize us to act upon instructions and PI received from any person that enters  your user ID and password and you agree to be fully responsible for all use and any actions that  may take place during the use of your account. You also agree to promptly notify us of any PI you  have provided which has changed.

7. CHILDREN UNDER 13

We have no way of distinguishing the age of individuals who access  the Website. The features, programs, promotions and other aspects of the Website requiring the  submission of PI are not intended for children. We do not knowingly collect PI from children  under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he  or she has disclosed PI to us please contact us at support@epayment.one. A parent or guardian of a child under the age of 13 may review and request deletion of such child’s PI as well as prohibit the use thereof, and also we carry out the same Privacy Policy. 

8. HIPAA

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as  amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH  Act”), is a federal law intended to maintain the privacy and security of individuals’ health  information. In regard to ePayment’s obligations, HIPAA applies to certain activities of several ePayment subsidiaries (“Covered Entities”) as defined under the privacy, security, breach notification,  and enforcement rules at 45 C.F.R. Part 160 and Part 164 (“HIPAA Rules”). The Covered Entities’  activities include interacting with health plans, health plan clearinghouses, and health care  providers that transmit health information electronically in certain types of transactions.  

Although ePayment is ultimately responsible for HIPAA oversight, compliance, and enforcement obligations, as applicable, because the HIPAA Rules may apply to only certain ePayment’s subsidiaries, ePayment does not wish to designate the entire enterprise as a hybrid entity or affiliated covered entity. Instead, ePayment has entered into HIPAA business associate  agreements, where required, to permit ePayment to access, disclose, and use HIPAA protected  health information in accordance with applicable law.

• Required Safeguard. ePayment shall comply with the HIPAA Rules, as applicable. In particular, ePayment shall require that:
  
  • (a) ePayment entities only disclose protected health information to another component or subsidiary of ePayment in accordance with the HIPAA Business  Associate Agreement in place between these entities and in a manner that would not be  prohibited under the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E);
    
  • (b) If a person performs duties as a workforce member for both a Covered Entity and a business associate entity in the same or similar capacity, the person will not  use or disclose protected health information, created or received in the course of (or  incident to) the person’s work for the Covered Entity, in a way that is prohibited under  the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E).
    
• Recordkeeping Requirement. Covered Entities shall retain documentation of compliance with HIPAA for at least six years 
  
• HIPAA Privacy and Security Officer. ePayment has appointed Rick Barnhill as the HIPAA Privacy and Security Officer for ePayment’s covered entity subsidiaries. For any questions regarding compliance with the HIPAA Rules and implementing regulations concerning Covered Entities, please contact the HIPAA Privacy and Security Officer.
  
  

9. REVISIONS TO OUR PRIVACY POLICY

This Privacy Policy is effective as of the date stated above. We reserve the right to revise this Privacy Policy or any part of it from time to time. We will post a new or revised Privacy Policy to the Website, and we suggest you review our Privacy Policy periodically when accessing the Website.

10. CONTACT INFORMATION

You may contact us at support@epayment.one if you have questions or comments about our Privacy Policy.