Privacy Notice

Privacy Notice

Last Updated: December 31, 2022

At Heartland, a Global Payments Company, we respect your concerns about privacy. This Privacy Notice (“Notice”) describes how we collect and use personal information about the prospects and customers to whom we sell our business-to-business products (“Solutions”), as well as about the users of and visitors to our websites, forums and blogs (“Sites”) and the users of our web and mobile applications (“Apps”) that link to this Notice. For the purposes of this Notice, “Heartland”, “we,” “us” and “our” refer to Heartland Payment Systems, LLC, and our subsidiaries and affiliates, as the context requires, and the term “Services” refers to our Solutions, Sites and Apps together.

Please note that our practices with respect to your personal information may vary depending on the range of Services we provide to you and the jurisdiction-specific requirements applicable to the jurisdiction in which you are located. For that reason, we may provide a separate privacy notice to you before collecting your personal information in connection with a particular Service. In addition, if you are a Heartland customer, the terms of our contractual agreement with you may contain more specific provisions relating to data use and data privacy. If you have received a separate privacy notice or signed a contractual agreement containing more specific data privacy or data use terms, in means that the terms of that notice or agreement will govern our processing of your personal information with respect to the relevant Service. If you have not received a separate notice or signed a contractual agreement containing more specific data privacy or data use terms, it means that our collection and processing of your personal information in connection with the relevant Service will be consistent with this Notice.

Heartland provides payment and payroll processing products and related services to commercial and non-commercial enterprises. Our Solutions include payment card processing, check recovery, cash access services, point-of-sale terminal management and support, merchant accounting, funds transfer, and payroll processing and management services. In order to provide the Solutions to our customers, we routinely collect and retain personal information about our customers, as well as about the third parties with whom our customers interact using the Solution. When we process personal information about third parties such as the consumers (for our payment Solutions) or the customer employees (for our payroll Solutions) with whom our customers interact using the Solutions, we do so as a service provider to our customers, and our customers are responsible for providing a privacy notice to those third parties detailing the processing of their personal information, including by Heartland. Such third-party processing is not covered by this Notice.

Please read this Notice carefully. If you have any questions, you may contact us at [email protected] or by using the methods provided in the “Contact Us” section below.

Personal Information We Collect

Depending on the nature of the Service we provide to you, and subject to your consent if required by law, we may collect the following categories of personal information:

  • Identifiers (including name and contact details such as telephone number, email address and postal address)
  • Sensitive Personal Information (including sensitive identifiers, such as Social Security Number, as well as financial account information and username and password)
  • Commercial Information (such as your purchase history, records relating to your account(s) and your business relationship with us, and records indicating your preferences regarding related products and services which may be of interest to you)
  • Internet/Electronic Activity (including basic web browsing data, as well as information collected from cookies and other tracking technologies that may capture location, device identifier, usage and browsing history)
  • Employment Information (such as your employment by and title with one of our customers)
  • Geolocation Information (to the extent such can be inferred from your contact information or from your Internet/Electronic Activity)
  • Communication Contents and Metadata (for any communication you may have with us, including customer service call transcripts, recordings, chat transcripts, and any information you provide when you participate in any interactive feature within our Sites and Apps)
  • Inferences Drawn from the Foregoing (such as your preferences and characteristics)

Sources of Personal Information

Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, use our Services, or communicate with us. For example, if you register for an online account with us, we may request your name, contact information and business information. Providing us with personal information about yourself is voluntary, and you can always choose not to provide certain information, but then you may not be able to take advantage of or participate in some of the services.

Information collected from third parties: We may collect information about you from third parties in the course of providing our Services to you. For example, we may collect personal information like your name and contact information from a referral partner or other third-party in order to contact you about the Services we provide. We may also receive business related information about you from third party companies that supplement our business customer records with firmographic and professional information.

Information collected through technology: When you visit our Sites or Apps or interact with an email we send to you, we may collect certain information automatically such as your account or device identifier, and usage information such as pages that you visit, information about links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our services. You have the ability to express your preference regarding some of the ways we collect information through technology in some of our services (see “Cookies and Other Tracking Technologies” for more information).

How We Use the Personal Information We Obtain

Subject to your consent if required by law, we may use your personal information for the following business purposes:

  • To contact you regarding any inquiry you make or to fulfill a request, such as, for example, a request for information about our Services;
  • To improve and personalize your experience when you use our Services;
  • To provide and improve our Services and for the development of future Services;
  • For internal recordkeeping and administration of records;
  • For auditing related to a current interaction with a consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with laws and other standards;
  • For detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
  • To verify the validity and status of any financial account offered to us or to the Services as a payment method;
  • For internal research for technological development and demonstration;
  • To verify or maintain the quality or safety of our Services and to improve, upgrade, or enhance our Services;
  • To contact you by email and, if you have signed up for the service, to share e-newsletter or any other updates, communications or publications;
  • For direct marketing purposes, subject to your consent if required by applicable law (see “Managing Your Preferences” below);
  • As necessary to set up and administer your sign up to, and use of, the log in facility available on the Sites and Apps; and
  • For compliance with applicable laws and/or regulations and as otherwise required or permitted by applicable laws and/or regulations.

Our Processing of Sensitive Personal Information: Sensitive Personal Information includes personal information defined as sensitive under applicable privacy and data protection laws. When we collect Sensitive Personal Information about you, we will limit our use and disclosure of that information to what is necessary to perform the Services, unless we are required to do otherwise under applicable laws. In addition to processing Sensitive Personal Information as required to perform the Services, we may process Sensitive Personal Information to detect and prevent security incidents or fraud, to ensure the physical safety of natural persons, for short-term transient uses (when consistent with the purpose for which the information was collected), and to verify or maintain the quality or safety of any Services we perform. Under some privacy and data protection laws, you may have the right to limit the processing of your Sensitive Personal Information. You can find more information about your rights in other sections of this Notice, including any applicable section directed at residents of the state or country in which you reside.

How we Share the Personal Information We Collect

Except as otherwise specified, we may share any of the categories of your personal information in the manner and for the purposes described below:

  • With Heartland affiliates where such disclosure is necessary to provide the Services or to manage our business (see “Our Relationship with Affiliate Companies” below).
  • With service providers whose systems, applications, products or services help us to provide the Services. For example, we share personal information with IT service providers who help manage our back office systems or administer our Sites and Apps. These service providers have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, for the purpose of providing the contracted service to us.
  • With referral partners if you were referred to Heartland for Services via such partner. For example, if you were referred to Heartland by an independent services organization, we may share information with the referring partner in accordance with our business relationship with you and that partner, consistent with any privacy notice shared with you by either party at the time of the collection of your personal information.
  • We may share identifiers with logistics service providers to enable the delivery of packages to individuals.
  • We may share Internet/Electronic Activity information (see “Cookies and Other Tracking Technologies” below) with advertisers, social media networks, and analytics providers for marketing purposes, to help us measure our ad campaigns, and to better understand how individuals interact with our Sites and Apps.
  • With other third parties with whom you direct us to share defined categories your personal information.

Heartland may also disclose personal information about you if it believes such disclosure is necessary to comply with laws or respond to lawful requests and legal process, to enforce our agreements, policies and terms of use and to protect or defend the rights, safety or property of Heartland, users of the Services or any person.

In addition, subject to applicable legal requirements, we may share personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to another company.

Unless otherwise disclosed in a separate notice, and subject to your consent where required by applicable law, we do not sell your personal information to third parties for monetary compensation, and we do not share your personal information with third parties for cross-context behavioral advertising.

Our Relationship with Affiliate Companies (Including Sharing and Cross-Border Transfers)

Subject to your consent if required by applicable law, we may appoint an affiliate company to process personal information in a service provider role. In most cases, we will remain responsible for that company’s processing of your personal information pursuant to applicable data privacy laws.

Because our affiliate companies are located around the globe, your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.

We take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.

Login Details and Your Responsibility

Subject to your consent if required by law, we will collect and process your personal information as necessary to set up and administer your sign up to, and use of, the log in facility available on our Sites and Apps. We will use “cookies” to “remember” the machine or other device you use to access our Sites (see “Cookies and Other Tracking Technologies” below). Please remember that if we contact you, we will never ask you for your password in an unsolicited email, message or phone call. If you choose to use the log in facility available on our Sites and Apps, you are required to adhere to the security procedures we establish in the documentation we provide you as part of the services.

Managing Your Preferences

Subject to your consent if required by applicable law, we may use your personal information to provide you with direct marketing information about our Services as well as those of our global affiliates and third parties. Our direct marketing may be by email, telephone, post or SMS or such other method(s) as may become relevant. In addition, we may provide direct marketing information and permit others to do that as allowed by our customers’ respective contracts.

We will take steps to seek to ensure that any direct marketing from us and which is sent by electronic means will provide a simple means for you to stop further communications, in accordance with applicable law. For example, in emails, we may provide you with an “unsubscribe” link, or an email address to which you can send an opt-out request. In addition, if we need your consent for direct marketing communications under applicable law, and if you provide your consent, you will be able to change your mind at any time.

If you are a third party who interacts with our Services for the purpose of engaging with one of our customers, and you have questions about legal rights you may have with respect to your personal information collected by our customer or by us on behalf of our customer, please consult the customer with which you have a relationship.

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have the right to:

  • Know whether we process your personal information;
  • Know how your personal information is used;
  • Access, request and receive the personal information we have collected in a portable manner;
  • Object to having your personal information sold or shared; and
  • Request that we delete your personal data.

For some users, we have additional disclosures in the sections of this Notice directed at users based on where they reside.

You may contact us using the information in the Contact Us section of this Notice for additional information about how to exercise your rights.

Information for California Residents

If you are a California resident, this section applies to you in addition to the rest of the privacy Notice.

California Shine the Light

If you are a resident of California, you may request information concerning the categories of personal information (if any) we share with third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us using the information provided in the “Contact Us” section of this Notice.

Categories of Personal Information We Collect and Our Purposes for Collection and Use

You can find a list of the categories of personal information that we collect, as well as a description of how we use it, in the section titled, “Personal Information We Collect and How We Use It,” above.

Categories of Personal Information Disclosed and Categories of Recipients

We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:

  • We disclose Identifiers to service providers, affiliates, and third-party partners.
  • We disclose Sensitive Personal Information to service providers and affiliates.
  • We disclose Commercial Information to service providers, affiliates, and third-party partners.
  • We disclose Internet/Electronic Activity to service providers, affiliates, and third-party partners.
  • We disclose Employment Information to service providers, affiliates, and third-party partners.
  • We disclose Geolocation Information to service providers, affiliates, and third-party partners.
  • We disclose Communication Contents and Metadata to service providers, affiliates, and third-party partners.
  • We disclose Inferences to service providers, affiliates, and third-party partners.

For more information on how your information is shared, please see the “How We Share Personal Information" section, which provides more detail.

As a California resident, you have specific rights with regard to your personal information. When we act as a business for the purpose of processing your personal data you can contact us using the information provide in the “Contact Us” section of this Notice with regard to the following rights:

Right to know about personal information collected, disclosed, and sold

You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

  • the categories and specific pieces of personal information we have collected about you;
  • the categories of sources from which we collected the personal information;
  • the business or commercial purpose for which we collected or sold the personal information;
  • the categories of third parties with whom we shared the personal information; and
  • the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose.

Right to opt-out of the sale of personal information

You may request that we do not sell your personal information to third parties. You may also request that we do not share your personal information for cross-context behavioral advertising.

Right to request deletion

In some circumstances, you have the right to have your personal information erased or deleted.

Right to equal service and prices (“non-discrimination”)

Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in services offered or pricing.

Right to request correction

You have the right to request that we correct any inaccuracies in your personal information.

Right to limit the use and disclosure of sensitive personal information

In some circumstances, you may request that we limit the use and disclosure of your sensitive personal information.

Data Anonymization and Aggregation

Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessments and analysis of costs and charges in relation to our products and services. We may share anonymized or aggregated data with our global affiliates and with other third parties. This Notice does not restrict Heartland's use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.

How we Protect and Dispose of Personal Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected attempts to access or use our systems in a way that is inconsistent with our legal terms or security controls may be reported to the appropriate authorities.

Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.

We retain the personal information we collect for different periods of time depending on what it is and how we use it. In some contexts, we will provide additional information about retention as you use the Services. When we collect your personal information, we will retain it only for as long as is necessary to complete the legitimate business or legal purposes for which we collected it and to satisfy any other legal record retention requirements. In many cases, the retention time period will correspond to the time period for which you have an account or other type of business relationship with us plus a defined period after that relationship ends, which will be determined by the applicable regulatory requirements.

Cookies and Other Tracking Technologies

A "cookie" is a text file that is stored to your browser when you visit a website. Unique device identifiers like IP address or Unique Device ID (“UDID”) recognize a visitor's computer or other device used to access the internet. We use UDIDs alone and in conjunction with cookies and other tracking technologies for "remembering" computers or other devices used to access the Sites and Apps. We also use cookies or similar tracking technologies to help us remember information about your visit to the Sites, like your country, language and other settings. Tracking technologies allow us to understand who has seen which websites, advertisements, or emails we have sent; to determine how frequently particular pages are visited; and to determine the relevance and effectiveness of our messages. They can also help us to operate our Sites more efficiently and make your next visit easier. Cookies and other tracking technologies can allow us to do various other things, as explained further below.

Cookies can be classified by duration and by source:

Duration. The Sites use both “session” and “persistent” cookies. Session cookies are temporary - they terminate when you close your browser or otherwise end your “active” browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for “How to Delete or Block Cookies”).

Source. Cookies can be “first-party” or “third-party” cookies, which means that they are either issued by or on behalf of Heartland or by a third-party operator of another website. For an example of a third-party cookie, our Sites may contain features like videos hosted by other companies, which would set a cookie that can be read by the host. Our Sites may use both first-party and third-party cookies.

The cookies and tracking technologies that we may use on the Sites fall into the following categories:

Strictly Necessary. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.

Performance. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functionality. These cookies enable the Sites to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some of these services may not function properly.

Targeting. These cookies may be set through our Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

How to Delete or Block Cookies and Other Tracking Technologies

On some Sites, when technically feasible, we will enable tools to help you make choices about cookies and other tracking technologies. You may also delete or block cookies at any time by changing your browser settings. You can click “Help” in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Sites may not function properly.

Heartland may provide links on our Sites to other websites that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites. We make no representation regarding your use of such websites. Please be aware that we are not responsible for the privacy practices of the operators of other websites. We encourage our users to be aware when they leave our Sites and to read the privacy statements of each and every website that collects personal information. This Notice applies solely to information collected by us. You should read any other applicable privacy and cookies notices carefully before accessing and using such other websites.

Children

Our Services are not intended for use by children. We do not solicit or knowingly accept any personal information from persons under the age of 18, and we do not sell or share personal information of consumers under age 18. Please do not use our Services if you are under the age of 18.

Changes and Updates

We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Notice, in whole or in part, at any time. When we amend this Notice, we will revise the “Last Updated” date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing you direct communication about such changes or providing a notification through the Services, as appropriate. If you provide personal information to us or access or use our Sites after this Notice has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Notice will be available on the Sites and Apps and will supersede all previous versions of this Notice.

Choice of Law

Except where prohibited by law, this Notice, including all revisions and amendments thereto, is governed by the laws of the United States, State of Georgia, without regard to its conflict or choice of law principles which would require application of the laws of another jurisdiction.

Arbitration

Except where prohibited by law, by using our Sites, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against Heartland and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the "Heartland Entities") arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by Judicial Arbitration and Mediation Services, Inc. (“JAMS”) and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act ("FAA"), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator's decision shall be controlled by the terms and conditions of this Notice and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable Heartland Entity's individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any Heartland Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Heartland entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, Heartland agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, Heartland will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor Heartland shall be entitled to arbitrate their dispute. For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.

If you have questions about this Notice, or if you want to exercise your rights as described in this Notice, you may submit a request by completing this form or may contact us as follows:

Heartland Payment Systems, LLC
3550 Lenox Rd NE, Suite 3000
Atlanta, GA 30326
[email protected]
888-963-3600

Or you may contact us using the “Contact Us” link on our corporate webpage.

In order to honor any access or deletion request, we will require you to provide enough information for us to verify your identity. For example, we may ask you for information associated with your account, including your contact information or other identifying information. If you designate an authorized agent to make a rights request on your behalf, we may require proper proof of that authorization as well as direct verification of your identity from you.

For Texas Residents

For Texas residents that have used Heartland to conduct a money transmission or currency exchange transaction:

If you have a complaint, first contact the consumer assistance division of Heartland Payroll Solutions, Inc. at 1-877-729-2968. If you are a customer located in Texas, and you are unable to resolve your complaint regarding Heartland Payroll’s payroll services provided to you, please direct your complaint to: Texas Department of Banking, 2601 North Lamar Boulevard, Austin, Texas 78705, 1-877-276-5554 (toll free), www.dob.texas.gov.