Privacy Policy
Privacy policy
BlueSnap Privacy Policy v.2.6 Date: 10 October 2023
BlueSnap Respects Your Privacy
Click here for California & US State Privacy Rights
Introduction
This website and related services are owned and operated by BlueSnap a global company providing payment facilitator and payment gateway services, enabling eCommerce, marketing and payment processing, together with various subsidiaries including a European Union subsidiary BlueSnap Payment Services Ireland Limited, a UK subsidiary BlueSnap Payment Services Limited, a Canadian subsidiary BlueSnap Enterprise Canada ULC and an Australian subsidiary BlueSnap Australia Pty Limited. References to BlueSnap in this policy also include all BlueSnap subsidiaries unless otherwise stated. Additional subsidiaries may be added over time and shall be governed by the terms of this policy.
We understand that you care about how your information is used and shared when you enter it on our websites, www.bluesnap.com, or use BlueSnap’s payment services as a merchant or shopper, and this notice describes our privacy policy and practices.
BlueSnap respects each individual’s right to personal privacy. We will collect and use information through our website including registration forms, inquiry forms, product transaction forms, mobile and API services only in the ways disclosed in this statement.
Online payment transactions involve transfer of data across international borders, as well backing up of data at our secured data centers in the UK and USA. This means that data may be transferred, processed and stored outside the EU, the European Economic Area (EEA), UK, Switzerland and other countries. By submitting your data directly or through a third party such as a merchant you are agreeing to such transfer, processing and storage.
BlueSnap’s Certification Under the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF
BlueSnap complies with the EU-US Data Privacy Framework program (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework program (Swiss-US DPF) as set forth by the U.S. Department of Commerce.
BlueSnap has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF.
BlueSnap has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework program Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
The Federal Trade Commission has jurisdiction with enforcement authority over BlueSnap’s compliance with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF).
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-US Data Privacy Framework Principles, BlueSnap commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact:
[email protected].
Tel: +1 (781) 790-5013
Mailing Address: BlueSnap Corporate HQ, 800 South St, Suite 640, Waltham, MA
BlueSnap has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBBNational Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
The DPF Principles also provide that a participating organization has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Accordingly BlueSnap shall remain liable under the DPF Principles if such agent processes such personal information in a manner inconsistent with the DPF Principles, unless BlueSnap can prove that it is not responsible for the event giving rise to the damage.
Standard Contractual Clauses
BlueSnap and its international subsidiaries are also contractually committed with respect to data transfers from the EEA, UK and Switzerland to other countries through the use of the EU’s approved ‘Standard Contractual Clauses’ and the UK’s Standard Contractual Clauses Addendum (“SCCs”). BlueSnap is bound by the SCCs with respect to data transfers from the EEA, Switzerland and UK to the US. BlueSnap is committed to maintaining the principles of transparency, accountability and choice regarding the collection and use of your personal information.
BlueSnap Services and You
When using BlueSnap’s services, technologies, functions, website or applications, the terms of this policy will apply.
BlueSnap acts as a technology provider supplying secure online and mobile digital payment processing services to businesses known as merchants so that they can sell their goods and services to their shoppers both domestically and worldwide.
The personal information collected by BlueSnap depends on how you are using our services.
Individuals typically interface with BlueSnap in one of the following ways:
Site Visitor: If you are visiting our website for details about our products and services, you may be asked to enter your personal details on an online form to receive more information. Cookies may be used to track site usage to assist in product development or monitor behavior for marketing purposes. Visitors from the EU/EEA, Switzerland and UK may initially be asked to expressly consent to cookie usage. Certain interactions with Sales and Support staff may involve recording of conversations and in such situations you will have the option to accept or reject such recording.
Merchant: you may be a business customer that has consented to BlueSnap’s terms of service under a merchant or other formal agreement and use BlueSnap to conduct secure online sales or an individual in the employ of such a party. To set up a merchant account you will need to provide personal details, business data and identifying documentation to comply with KYC and AML requirements relating to the payments industry.
Shopper: You may be a business or consumer using BlueSnap’s secure online payment technologies to complete the purchase of goods and services from a merchant that has selected BlueSnap as its payments solution. Your own choice of payment method will usually determine what personal data is passed to BlueSnap to enable your payment transaction to take place. It could be name, address and credit/debit card details, electronic bank transfer information, or pay-wallet credentials if using a service such as PayPal, or tokenized data if using a service such as Apple Pay.
While such secure transactions may be completed in just a few seconds they are often complicated by the fact that live anti-fraud checks need to be conducted to verify that the actual card owner is generating the transaction. Data also has to be passed to the relevant payment processors; banks, payment card and payment account services may need to be notified; legal tax invoices generated, and transaction confirmations delivered; and this is dictated by the Shopper’s choice of payment method and selected merchant. Often these transactions may be international in nature, involving transfer of data across borders and continents. Some or all of these steps may all involve the transfer and sharing of personal data down a chain of service providers and third parties including merchant referrers, the storage of transaction records in accordance with regulatory or contractual requirements as well as the use of tracking cookies.
The relevant merchant, product supplier and shipping service may each need to receive personal data in order to facilitate the transaction and retain such data for their records in accordance with their own respective privacy policies. Shoppers may also have elected to pay in instalments using a ‘buy now pay later service’ that requires relevant personal data being shared with such service.
If a Shopper makes a purchase through a merchant that operates through a marketplace service this may involve some personal data being transmitted to both the marketplace and the merchant and their respective privacy policies will apply.
The Information BlueSnap Collects
The types of personal information we may obtain or you may choose to provide include:
- Contact information (such as name, postal address, email address, phone number)
- Business contact information, job function, title, department, name and size of organization
- Username and password
- Payment account data – such as credit card information
- Content provided (includes social media submissions – comments, articles, ratings)
- Mobile and device unique identifiers
- Geo-location data
- Business records and identification documents
- IP address, browser type, operating system
- Recording of conversations with Sales and Support
- Other information (such as tracking behavior, cookie preferences, language preferences, age, date of birth, gender and family status), time stamps, device details
Some of this information may be collected automatically by using technologies such as cookies and web beacons, when you interact with advertisements, mobile applications, sales pages, website pages and other digital applications. Often shoppers will provide information themselves when interacting with merchants to purchase goods and services.
Use of Information Collected
The information is collected to perform the following functions:
- Process payment transactions (including authorization, clearance, invoicing, tax calculation, currency exchange, shipping, delivery, processing refunds, chargebacks, provision of customer support and dispute resolution processes)
- Generation of invoices, transaction confirmation notices, delivery of licenses, access keys, product download files and associated documentation, subscription accounts, instant notifications relating to transactions, refunds and refund notices, warranty and dispute records, customer profiles, tax payments
- Communicate with you, respond to inquiries and send service notices, issue notices about functions and services you are registered to use including significant developments about the website and/or eCommerce services. (Users cannot normally op-out of this kind of email communication without cancelling the relevant service).
- When BlueSnap acts as payment service provider, merchant and/or reseller for product suppliers, we may need to share relevant customer information with the specific merchant/product supplier involved in the transaction in order for them to fulfill the transaction. Such information is supplied on the condition that it will not be used for spamming or direct marketing by another party. Occasionally such product suppliers may sell, transfer or assign their business to new owners and in such circumstances data records may be accessible to the new owners subject to such parties satisfying the underwriting requirements of BlueSnap and assuming the ongoing responsibility for the proper protection of such data by committing to relevant contractual provisions.
- Check applications for use of BlueSnap services, perform account underwriting and KYC reviews, protect against and prevent customer and transaction fraud, unauthorized transactions, claims, manage risk exposure, conduct periodic risk reviews and credit checks.
- Evaluate business, product development, improve services, perform marketing activities, run billing, invoicing and account reconciliation functions, staff training and customer support records.
- Compliance with legislation, regulations, legal requirements and law enforcement measures, orders and subpoenas from judicial and governmental authorities, enforcement and defense of contractual and legal rights and claims, generation of reserves, guarantees and sureties.
- Perform data analysis and generation of aggregated data reports based on anonymized information for benefit of BlueSnap, Merchants, processing partners, regulators and customers, auditing practices, conducting business intelligence, performance reporting.
- Compliance with internal policies, card industry and payment scheme requirements.
- Payment Card Industry (PCI) assessment and validation.
- Provide you with content, data and advertising tailored to your individual interests, enabling you to access BlueSnap services such as the Merchant or Shopper Control panel, support, chargeback management services.
- Consensual storage of shopper payment information for subsequent or recurring transactions.
- Track sellers.
- Provide information to regulators, Card Associations, acquiring banks, investors and professional advisers.
BlueSnap may also use information in other ways for which we provide specific notice of at the time of collection.
Site Visitor: As a guest we may set tracking and behavioral cookies when accessing BlueSnap site and landing pages. These may include IP, device, technical usage, time, language and geolocation data. If you decide to request more information, sign up for newsletters, set up a sales call or use support facilities you may be asked to provide name and contact details.
Shopper: To process payment and delivery of products and services BlueSnap receives your transaction information – this may include name, ID info, address, email, phone number, delivery details, card/bank/pay wallet data, currency, transaction amount, gender, gift recipients, donations, IP, technical usage, language, geolocation and relevant affiliate tracking details. Support and post purchase services, refund and chargeback processes may require the use of similar information. You might have access to a shopper account generated by your merchant seller that is powered by or accessed through BlueSnap, to review purchases and set preferences for instance related to subscription and recurring charge transactions and payment card details.
Merchants: Business-related information is collected including corporate structure, tax numbers, beneficial interests, beneficiaries, ID info, social security numbers, name, address, email, phone, banking details, references, financial information, locations, nationality, web site ownership, signatory information, staff access, PCI records, technical details, IP, verification and data relating to PCI/ KYC/AML/Transaction fraud checks, affiliate referral tracking details.
International Entities
BlueSnap’s services enable merchants to sell to shoppers across the world. This sometimes requires BlueSnap to provide services through specific legal entities. BlueSnap Inc., is based in the USA, and its affiliate BlueSnap Payment Services Ireland Ltd., is a regulated payments institution based in Ireland offering payment services across the EU/EEA. BlueSnap Payment Services Ltd. is a regulated UK payments institution offering payment services to merchants in the UK. BlueSnap Enterprise Canada ULC offers payment services to Canadian merchants. BlueSnap Australia Pty Limited offers payment services to Australian merchants and BlueSnap Payment Services Israel Limited provides payment services to merchants based in Israel. Additional BlueSnap entities may be added and shall automatically be covered by this Privacy Policy.
How and Where Information Is Stored
BlueSnap maintains administrative, technical and physical safeguards designed to protect the personal information provided or collected against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or misuse. Data is also routinely backed up at secure locations in the UK and the US in accordance with standard industry practice. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. Payment information is secured and protected in accordance with the Level 1 standards of the PCI-DSS, the definitive security certification of the payment card industry. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any further questions about privacy or security, or have reason to believe your data security has been compromised please contact us immediately by sending an email to: [email protected].
The international nature of BlueSnap’s services means that personal data may be transferred beyond your national borders when you use BlueSnap’s services or purchase from or sell to persons or entities outside your country. By using such services you are deemed to understand and accept that data may be subject to such cross-border transfers.
How long data is retained
BlueSnap stores personal information for as long as necessary to fulfill the purpose for which the personal information was collected and as required or authorized by law. We take measures to delete or permanently de-identify personal information as required by law or if no longer required for the purpose for which it was collected. Certain data relating to transaction records particularly billing and invoice information may be required to be safeguarded for significant periods of time in accordance with standard tax and accounting law and practices, or to enable refund and chargeback requests to be processed on behalf of shoppers.
Sharing of Personal Information
BlueSnap does not sell or otherwise disclose personal information we collect about you except as disclosed in this Privacy Policy or as may be disclosed to you at the time information is collected.
BlueSnap may share personal information collected with its subsidiaries and other BlueSnap entities that process payment transactions as well as relevant merchants, fraud prevention services, card and alternative payment services, relevant banks, payment processors/acquirers and business partners.
BlueSnap may share certain information with service providers who provide or perform services on behalf of BlueSnap. We authorize such services providers to use or disclose such information only as necessary to perform services on our behalf or to comply with legal requirements. Such entities are required by contract and/or law to safeguard the privacy and security of personal information processed on our behalf. We may also share personal information with other parties with your express consent.
Personal data used with respect to payment transactions involving individuals of the EU/EEA, Switzerland and UK often needs to be passed to other parties as part of the transaction process. Transfers of data may be through APIs, email, and other formats, and may be bi-directional. BlueSnap takes steps to ensure that such parties are committed to compliance with applicable data law including the GDPR and that any additional Data Processors or Sub-Processors used are retained under a contractual duty of compliance and are able to respond to data subject access requests. In certain situations, BlueSnap and its subsidiaries might be deemed to be acting on the instruction of other transaction services or together with such parties, in which case BlueSnap shall itself be obligated to act in a manner compliant with applicable data law.
Certain Merchants might use checkout and other systems as part of the payment transaction process that might be integrated with BlueSnap. Accordingly personal information that you provide to such services either directly or through your selected Merchant might be passed to BlueSnap. BlueSnap treats such personal information in accordance with this Privacy Policy, however other entities might have their own policies and these should be thoroughly checked by you.
BlueSnap may use third-party service providers, for example to provide you with support when using our site and including the use of live chat software. When you sign up for our services we will share your personal information only as necessary for the third party to provide that service. Personal information collected relating to marketing and Merchant underwriting functions may be stored and processed on secure compliant cloud-based services provided by third parties to BlueSnap. Such service providers are contractually required by BlueSnap to act in compliance with relevant data law.
Merger, sale and/or transfer of corporate assets or reorganization
BlueSnap may transfer information as part of any corporate merger, sale, acquisition, transfer or assets or reorganization without notice. Such transfer will be on the basis of the continuation of all privacy rights set out in this document. You will be notified via email and/or a prominent notice on our website of any change in BlueSnap ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Compliance with court orders & law enforcement agencies
BlueSnap may be required to disclose personal information without notification in response to a lawful request by public authorities, including to meet national security requirements, or in order to comply with a legal requirement, legislation, regulation, court order or subpoena, or when we believe in good faith that disclosure is necessary to protect our rights, prevent harm of financial loss, protect your safety or the safety of others or investigate fraud or cooperate with law enforcement or government agencies, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
EU/EEA, UK & Swiss Data Privacy Law
With respect to data protection legislation in the European Economic Area, UK and Switzerland including the GDPR, BlueSnap acts as ‘Data Processor’ concerning shopper information of EU/EEA/UK/Swiss-based persons that is transmitted to BlueSnap either through a merchant or directly in order to process a purchase transaction.
When preserving transaction records in accordance with regulatory or industry requirements BlueSnap may act in such circumstances as ‘Data Controller’.
When BlueSnap sets up an account for a merchant we are required to conduct to various payment security, anti-money laundering, credit and KYC checks. When managing such personal data with respect to EEA/UK/Switzerland-based individuals BlueSnap acts as a ‘Data Controller’.
The UK-based subsidiary, BlueSnap Payment Services Limited is authorized by the UK’s Financial Conduct Authority (FCA) under the Payments Services Regulations 2009/2017 reference no. 629580, for the provision of payment services in the UK. The Irish-based subsidiary BlueSnap Payment Services Ireland Limited is authorized by the Central Bank of Ireland under the EU Payment Services Regulations 2018 reference no. C431532 to provide payment services in Ireland and other EU countries. BlueSnap Payment Services Ireland Limited is the representative for all other BlueSnap entities with respect to the provisions of the GDPR. Privacy matters concerning this company should be directed to BlueSnap through email at: [email protected]
EU/EEA/UK-based users will be asked to expressly consent to provision of personal information or initial setting of cookies when visiting BlueSnap web properties so that there is a clear legal basis for processing such data. In other cases personal information will be processed legally by virtue of the performance of the contractual obligations relating to a merchant and/or shopper, BlueSnap’s legitimate interest, legal obligation or the defense or preservation of BlueSnap’s legal rights.
BlueSnap complies with legal requirements to provide adequate safeguards for the transfers of personal data outside the EU/EEA/UK and Switzerland, and as indicated above is also currently certified under the Data Privacy Framework.
Individual users from the EU/EEA or other regions with laws governing data collection and use, should note that you are agreeing to the transfer of your personal information to the United States, UK and other jurisdictions in which BlueSnap may operate. By providing your personal information with respect to a transaction or express consent mechanism, you consent to any transfer and processing in accordance with this Policy.
Individuals based in the EU/EEA, Switzerland and UK have additional statutory data subject rights as shown below under the heading: EU/EEA, Swiss and UK Data Subject Rights.
EEA, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
Your right to access your personal data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.
We will also provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to [email protected].
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Automatic Processing & Profiling
Anti-fraud checks may involve the automatic processing and profiling of personal data.
EU/EEA, Swiss and UK Data Subject Rights
Individuals from the EU/EEA, Switzerland and UK have the right to exercise additional data subject rights under data privacy laws including the following:
The right to request information about the purpose of the processing; the categories of personal data concerned; who else outside BlueSnap might have received the data from BlueSnap; what the source of the information was (if you did not provide it directly to BlueSnap); and how long it will be stored.
You have a right to correct the record of your personal data maintained by BlueSnap if it is inaccurate. You may also request that we cease using your data for direct marketing purposes.
Right of erasure: this is a right to erasure of personal information that we hold about you if it is no longer necessary in relation to the purpose for which it was originally collected. Please note that BlueSnap may need to retain certain data to complete transactions, perform refunds, maintain underwriting records or comply with legal obligations, tax and accounting requirements, etc.
Right to restrict processing of your personal information in certain circumstances, for example where such data is inaccurate or unlawfully held.
Right to data portability: this right is available in certain circumstances to receive your personal information in a structured, commonly used format and to have such data transferred to another service.
In order to exercise any of these rights please contact us as follows:
Shoppers should contact us at [email protected] and Merchants should contact us at [email protected]
Please note that in situations where you are shopper your request to exercise a statutory right may need to be referred to the merchant who supplied the product.
Where you have provided consent to passing of personal information or cookie information to BlueSnap through an online consent form, you have the right to withdraw such consent, usually through a similar method as the original consent was given.
You may also have the right to complain to an EU/EEA or UK data protection authority about our collection and use of your personal information.
Payment data
Personal payment information such as credit card numbers, bank account information, name, email address and phone number is routinely collected and passed on to authorized payment processors, banks, acquirers, and credit card companies in order to make payments authorized by BlueSnap customers. Such information is handled through industry standard secure protocols and where appropriate in accordance with relevant Payment Card Industry (PCI) compliance standards. Such data may also be passed when making payment through mobile devices.
Payment data may also be encrypted and securely stored by BlueSnap and appropriate merchants and product suppliers in accordance with PCI standards. When expressly directed and approved by a customer it may be used to generate recurring or new transactions as requested by such customer. Transaction details may also be passed to relevant taxation authorities in respect of sales taxes, VAT, GST, withholding tax, and other relevant taxes and duties.
Minors
BlueSnap does not actively market to children and we never knowingly ask a child under 13 to divulge personal information. Services and Information available to registered users on this site are NOT INTENDED FOR USE BY ANY PERSON UNDER THE AGE OF 18.
Please note that if it comes to our attention through reliable means that a registered user is under 18, we will cancel that user’s account. Online payment transaction forms are not provided for use in any event by persons under 18 years of age.
External links
BlueSnap offer links to other websites. Please note: when clicking on links to other websites, we encourage you to read their privacy policies. Their standards may differ from ours.
Social Media Widgets
Our online properties may include social media features, such as the Facebook and Twitter buttons and widgets, such as a ‘Share this’ button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.
Forums and Group Boards
The BlueSnap website may offer comment facilities, forums and message boards. Please be advised that information voluntarily posted in these venues becomes public knowledge. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Changes in this policy & notification
BlueSnap reserves the right to change this policy as and when it sees fit. If our policy on information collection or uses changes, we will advise you by posting a dated copy here and you are advised to visit this page regularly to check for updates. If you are a registered BlueSnap merchant then you will also be advised via email. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective.
Opt out process
You have the option not to be added to mailing lists operated by BlueSnap or a merchant/product supplier. In the case of opt out, such decision will be relayed to the relevant product supplier. To exercise your opt out rights, please send an email to [email protected] requesting that your personal information be deleted from any mailing lists operated by BlueSnap or your product supplier. BlueSnap will act on your request and inform your merchant/product supplier of your request in order to fully respect your decision. You may also follow the unsubscribe instructions located at the bottom of the emails you receive.
Australian Privacy Rights
BlueSnap complies with The Australian Privacy Act 1988 (Commonwealth) and the Australia Privacy Principles. Further information is available here.
Cookie Policy and Tracking Technologies
Please click here to review our Cookie Policy and learn about our use of tracking technologies.
California & US State Privacy Rights
Residents of the State of California have additional statutory rights afforded by the California Civil Code, including the California Consumer Privacy Act of 2018, the “CCPA”, and as from 1st January 2023 these rights have been extended to cover data transfers in connection with business to business matters and employees. In addition, Virginia (effective January 1, 2023), Colorado (effective July 1, 2023), Connecticut (July 1, 2023), and Utah (December 31, 2023) have passed State laws extending similar privacy rights to consumers.
As the rules relating to some of these laws are still to be finalized, BlueSnap shall continue to monitor the situation and update this notice and internal practices accordingly.
California and relevant US State residents should read these provisions in addition to the previous sections of this Policy.
In the vast majority of cases BlueSnap will be acting as a service provider to a merchant from which a shopper has purchased goods and services. In such situations you should first contact your merchant to exercise your statutory rights. If necessary the merchant will then contact BlueSnap to assist in actioning your request.
In some exceptional cases relating to sales of goods and services BlueSnap will be deemed to be acting as a’ merchant of record’ and you should contact BlueSnap directly.
Please note that BlueSnap may still need to retain certain data to complete transactions, perform refunds, maintain underwriting records or comply with legal obligations, tax and accounting requirements, etc. If this is the case BlueSnap will advise accordingly.
BlueSnap may have collected personal data from you through an information form or phone call and in such cases you should exercise your rights directly through BlueSnap.
The CCPA grants California residents the following statutory rights relating to personal information:
- Right to request disclosure of the categories of personal data held, the categories of the sources of such data, the purposes for which it is held and the categories of personal data is disclosed to third parties.
- Right to request details of the personal information relating to you that has been collected in the prior 12 months.
- Right to request deletion of such data. Certain exceptions may apply.
- Right to request that personal data not be sold to third parties – not applicable to BlueSnap at present
- Right not to be discriminated against
Table: Categories of Data Usage, Source, Purpose and Disclosure – CCPA
Data Categories | Source Categories | Purpose/Use | Disclosed |
---|---|---|---|
Identifiers: contact details, cookies | Payment forms, information request forms, comment submissions, cookie technology, web & usage logs, emails, letters, phone calls, support center records, social media inputs, apps, interviews, submitted documents | Processing payment, order & transaction fulfillment, analytics, tracking, marketing, advertising, sales, invoicing, customer support, refunds, verifying customer information, customer profiling, internal research & development, product upgrade, Customer experience, debugging, quality assurance, safety, detecting and protecting against security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, prosecution those responsible for such activity, compliance with laws and regulations, tax requirements, industry and contractual requirements, recruitment. | Yes |
Protected Information: name, payment data, user name, password, payment card details | Yes | ||
Commercial information: purchase records, purchase histories, purchase tendencies | Yes | ||
Internet/electronic activity: browsing history, search history, web site, application or ad interaction | Yes | ||
Geolocation | Yes | ||
Audio data | Yes | ||
Professional- or employment-related data | No | ||
Education data | No | ||
Inferences from all above | Yes |
Table Categories of Data and Categories of Third Party Disclosure – CCPA
Data Categories | |
---|---|
Identifiers: contact details, cookies | Fraud review services, analytics and marketing services, payment processors, banks, card payment providers, law enforcement |
Protected Information: name, payment data, user name, password, payment card details | Fraud review services, analytics and marketing services, payment processors, banks, card payment providers, currency exchange services, law enforcement, email services, CRM services |
Commercial information: purchase records, purchase histories, purchase tendencies | Fraud review services, analytics and marketing services, |
Internet/electronic activity: browsing history, search history, web site, application or ad interaction | Fraud review services, analytics and marketing services, payment processors, CRM services, social media application services |
Geolocation | Fraud review services, analytics and marketing services, payment processors, banks, card payment providers, law enforcement, email services, CRM services, social media application services |
Audio data | Fraud review services, analytics and marketing services, payment processors, banks, card payment providers, law enforcement, email services, CRM services |
BlueSnap collects personal information as set out in the above category tables as designated by the CCPA.
BlueSnap does not sell, disclose or share your personal information for valuable consideration. As a result there is no opt-out of sale process.
Making a Request in Support of your Statutory Rights
California residents may make a request relating to statutory rights by completing an online form or by free phone service 866-312-7733.
If your data was submitted as part of a purchase transaction you are reminded to first check if your request should be submitted to the relevant merchant.
You will be asked to confirm that you are a California resident and in the process of servicing your request BlueSnap may require you to verify your identity in accordance with the CCPA. Verification procedures include: providing details of any relevant purchase such as an order number, product purchase, date of purchase, location, contact information, information submitted, etc.
BlueSnap shall provide an initial response within 10 days. Your request will normally be completed within 45 days.
A request for a copy of personal information can only be made twice in any 12-month period.
Do Not Track Signals
BlueSnap does not respond to “do not track” (DNT) signals transmitted from web browsers and therefore does not alter any of data collection and use practices upon receipt of such a signal.
Brazilian Privacy Rights
Users who reside in Brazil have the benefit of Lei Geral de Protecao de Dados (LGPD).
The grounds on which BlueSnap processes your personal information
BlueSnap processes your personal information solely if we have a legal basis for such processing as set out under the LGPD. The most relevant are:
- your consent to the relevant processing activities;
- compliance with a legal or regulatory obligation that lies with us;
- the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
- the exercising of our rights in judicial, administrative or arbitration procedures;
- our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests.
- To find out more about the legal bases, you can contact BlueSnap at any time using the contact details provided in this document.
Categories of personal information processed
To find out what categories of your personal information are processed, see the section above titled “The Information BlueSnap Collects.”
Why we process your personal information
To find out why we process your personal information, see the section above titled “Use of Information Collected.”
Your Brazilian privacy rights, how to file a request and BlueSnap’s response to your requests
Your Brazilian privacy rights
You have the right to:
- obtain confirmation of the existence of processing activities on your personal information;
- access to your personal information;
- have incomplete, inaccurate or outdated personal information rectified;
- obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
- obtain information on the possibility to provide or deny your consent and the consequences thereof;
- obtain information about the third parties with whom we share your personal information;
- obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our
commercial and industrial secrets are safeguarded; - obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in art. 16 of the LGPD apply;
- revoke your consent at any time;
- lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
- oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
- request clear and adequate information regarding the criteria and procedures used for an automated decision; and
- request the review of decisions made solely on the basis of the automated processing of your personal information, which affect your interests. These include decisions to define
- your personal, professional, consumer and credit profile, or aspects of your personality.
You will not be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.
How to file your request
You can file your express request to exercise your rights free from any charge, at any time, by contacting us at [email protected], and referencing the LGPD.
How and when BlueSnap will respond to your request
BlueSnap will strive to promptly respond to your requests. In any case, should it be impossible for us to do so, we will make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.
In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you would like your personal information to be delivered in electronic or printed form.
BlueSnap will respond within 15 days from the time of your request, providing you with information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.
Transfer of personal information outside of Brazil permitted by the law
BlueSnap is allowed to transfer your personal information outside of the Brazilian territory in circumstances provided by the LGPD.
Previous Versions:
v.2.5 Date: 27 December 2022
v.2.4 Date: 23 March 2022
v.2.3 Date: 28 September 2021
v.2.2 Date: 09 October 2020
v.2.1 Date: 31 December 2019
v.2.0 Date: May 25, 2018
v1.13 Date: April 12, 2017
v1.12 September 14, 2016
v1.11 January 28, 2016
v1.10 December 21, 2014
v1.9 July 10, 2014
v1.8 July 7, 2013
v1.7 December 2, 2012
v1.6 November 12, 2012*
v1.5 April 10, 2012
v1.4 March 1, 2010
v1.3 February 12, 2007
*References to BlueSnap Inc. added April 3rd, 2012