(Updated January 1, 2019)
- What information Vesta collects and how it is collected.
- How Vesta uses information
- Retaining and deleting personal data
- To whom Vesta may disclose information.
- How Vesta protects information.
- How individuals may access personal information to correct or delete it.
- Cross Border Transfers of your Information.
We do not provide data to third party marketing companies. However, in limited circumstances we will share some of your information with third parties under strict restrictions, as described in more detail within this policy
What information Vesta collects and how it is collected.
This policy covers Vesta’s treatment of personally identifiable information collected when you visit trustvesta.com. This policy does not cover any other Vesta owned sites or any sites operated by Vesta on behalf of our clients. Information collected by Vesta on sites operated on behalf of our clients is covered by their respective customer privacy policies.
Information Collection and Use
In order to protect all our customers against potential fraud, we verify the information you provide with merchant acquirers. During such verification, we receive personally identifiable information about you from such services. In particular, if you register a credit card or debit card or bank account with Vesta, we will use card authorisation services to verify that your bank or card information and address match the information you supplied to Vesta, and that the card has not been reported as lost or stolen.
We may also collect information about you from other sources, including other companies (subject to their privacy policies and applicable law).
How Vesta uses information
We receive, hold and process your data on servers located in Ireland and at other Vesta facilities in the U.S. You agree that we may use your personal information to:
- process transactions and provide the Vesta Services;
- verify your identity, including during payment device registration and password/ PIN reset processes;
- resolve disputes, collect fees, and troubleshoot problems;
- provide you with customer support services;
In addition, when you use the Vesta services or process payment transactions with Vesta, we use the provided information to verify and append information to prevent and combat fraud; to comply with government regulations and card association rules; and to perform various research and analytics. We continue to use information you provide internally for record keeping, internal reporting, and support purposes, and to compile and disclose information in the aggregate where individual or user information is not identifiable.
Retaining and deleting personal data
Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of your personal data. Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose. Notwithstanding this, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
To whom Vesta may disclose information
Vesta may disclose your information under the following circumstances:
- To Vesta employees, contractors and agents to assist with any Vesta products and services provided to you or by us now or in the future.
- To payment processors and banks in connection with processing your payments and in response to the requirements of the credit card associations or a civil or criminal legal process.
- In order to help Vesta with fraud prevention, debt collection, emergency services, crime prevention, anti-money laundering and counter-terrorist financing verification requirements, we may disclose information about you to debt collection agencies, fraud prevention agencies, security agencies, financial institutions, emergency services, crime prevention agencies and telecommunications companies.
- To other suppliers we engage to process data on our behalf in connection with providing Vesta services to you.
- We may provide aggregate information and statistics to third parties, for example, content partners and advertisers. These statistics will not include information that can be used to identify any individual.
- We may disclose personal information collected from you to persons or companies that we retain to carry out promotions and other activities for which you have registered or in which you have otherwise asked to participate.
- We may be required to disclose personal information in response to a lawful request by public authorities, including to meet European or national security or law enforcement requirements.
How Vesta protects information
Vesta provides physical, electronic, and procedural safeguards to protect information we process and maintain. We use safeguards such as firewalls and data encryption and we enforce physical access controls to our buildings and files. Any information you make available to Vesta while using the Vesta services is encrypted using Secure Socket Layer (SSL) technology. This helps protect information from being intercepted and misused by third parties when it is traveling over the Internet. When Vesta receives your information, it is stored on a secure server and is only accessed by authorized personnel. Please be aware that although Vesta takes steps to create a secure environment for personal information, Vesta cannot guarantee the security of any personal information transmitted online. Vesta will make reasonable attempts to notify you if there is a security breach involving your information which results in a risk of identity theft or as otherwise required by law.
How individuals may access personal information to correct or delete it.
Vesta will retain information for as long as you use the Vesta services and for a reasonable time thereafter. Individuals whose personal data Vesta is processing have rights under GDPR to access, correct or delete their personal data. If you’d like us to correct or delete personal information that you have provided, please contact us at email@example.com. and we will respond in a reasonable time. Please note that we may be required or permitted to retain certain information by law. If you become aware of any inaccuracies in the personal or company information you have provided, you must notify us and correct them as soon as possible.
Cross Border Transfers of your Information
Vesta is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EU.
Please be aware that your information may be transferred to and processed in the U.S. By using the Vesta services, you consent to such transfer and processing. Vesta participates in and complies with the EU-US Privacy Shield Framework regarding the collection, use and retention of personal information from European Union member countries. In addition, Vesta has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability.
We do not market to or knowingly solicit data from children under the age of 18. A customer must be at least 18 years old in order to use the Vesta services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete the information from our files within a reasonable time.