Vesta EU Supplemental Privacy Policy

(Updated January 1, 2019)

Vesta Corporation is located at 5400 Meadows Road, 5th Floor, Lake Oswego, OR 97035 USA. This Vesta EU Supplemental Privacy Policy (“EU Privacy Policy”) applies to Vesta Corporation and also to Vesta Payment Solutions, Ltd., located at Vesta Building, Finnabair Business Park, Dundalk, County Louth, Ireland A91 E934. (In this EU Privacy Policy, Vesta Corporation and Vesta Payment Solutions, Ltd. are collectively referred to as “Vesta”).

This EU Privacy Policy is in addition to the general Vesta privacy policy located at If you or your customers are located in the European Union, the Vesta services and the information that Vesta collects and processes are subject to the additional terms in this privacy policy. Whenever there is a difference between this EU Privacy Policy and the general Vesta privacy policy, this EU Privacy Policy applies instead. In addition, if you or your customer are parties to a written agreement with Vesta, the terms and conditions of that written agreement may provide rights and protections in addition to this EU Privacy Policy.

When you or your customers are using the Vesta services, Vesta is committed to the privacy and security of the information it collects. This EU Privacy Policy describes the following important topics for users of the Vesta services:

  • What information Vesta collects and how it is collected.
  • How Vesta uses information.
  • To whom Vesta may disclose information.
  • How Vesta protects information.
  • How individuals may access personal information to correct or delete it.
  • How to contact Vesta for privacy inquiries and complaints.
  • What independent third party to contact for resolving privacy disputes.

Vesta’s Participation in EU Privacy Shield

Vesta participates in and complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries. Vesta has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this EU Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

Types of Information Collected

If you are an individual customer, Vesta may collect the following types of information:

  • When you use the Vesta services, you provide us with basic information about you, which may include name, mailing address, postal code, email address, telephone number, credit card number, debit card number, card expiration date, CVV number, bank account number, merchant identification, personal identification number, cookies, time zone, language, browser information, JavaScript settings, type of mobile device, mobile carrier, demographic information and any other information that Vesta may collect in order to process payments. The specific types of information we collect may change from time to time based on the nature of the services we provide to you. We may reach out to third party service providers for more information based on the information you have given. If you are a merchant, Vesta may collect the following types of information:


  • When your company uses the Vesta services, Vesta may collect any or all of the personal information described above regarding your customers.
  • We may collect a variety of information regarding your merchant activities with your customers, including but not limited to information regarding your order amounts and volume; order processing and handling time; abandon rates and completion rates of transactions; chargeback and refund amounts and percentages; customer fraud rates; and payment method patterns and volumes.

Purposes and Uses of Collected Information

Vesta uses the information it collects to provide you or your customers with the Vesta services and to help us review, develop and improve the products and services we offer.

In addition, when you or your customers use the Vesta services or process payment transactions with Vesta, we use the provided information to facilitate and complete the transactions; to validate customer or card information; to verify and append information to prevent and combat fraud; to comply with government regulations and card association rules; and to perform various research and analytics.

We continue to use information you or your customers provide internally for record keeping, internal reporting, and support purposes, and to compile and disclose information in the aggregate where individual or user information is not identifiable.

Disclosure of Collected Information

Vesta may disclose your and your customers’ information under the following circumstances:

  • To Vesta employees, contractors and agents to assist with any Vesta products and services provided to you or your customers by us now or in the future.
  • To third party service providers in connection with ongoing merchant activity, including for underwriting, background checks and financial checks.
  • To third party service providers in connection with customer support administration.
  • To payment processors and banks in connection with processing your or your customers’ payments and settling the funds.
  • In order to help Vesta with fraud prevention, debt collection, emergency services and crime prevention purposes, we may disclose information about you or your customers to debt collection agencies, fraud prevention agencies, security agencies, financial institutions, emergency services, crime prevention agencies and telecommunications companies.
  • To other suppliers we engage to process data on our behalf in connection with providing Vesta services to you or your customers.
  • We may provide aggregate information and statistics to third parties, for example, content partners and advertisers. • These statistics will not include information that can be used to identify any individual.
  • We may disclose personal information collected from you or your customers to persons or companies that we retain to carry out promotions and other activities for which you or your customers have registered or in which you or your customers have otherwise asked to participate.
  • We may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Other than as described above, Vesta does not disclose customer information to third parties. In the event that Vesta’s practice regarding disclosure of customer information to third parties should change in the future, Vesta will provide a clear, conspicuous and readily available mechanism for customers to opt out of such information disclosures.


Protection of Collected Information

Vesta provides physical, electronic, and procedural safeguards to protect information we process and maintain. Any information you or your customers make available to Vesta in the course of using the Vesta services is encrypted using Secure Socket Layer (SSL) technology. This helps protect information from being intercepted and misused by third parties when it is traveling over the Internet. When Vesta receives your or your customers’ information, it is stored on a secure server and is only read by authorized personnel. Please be aware that although Vesta takes steps to create a secure environment for personal information, Vesta cannot guarantee the security of any personal information transmitted online. Vesta will make reasonable attempts to notify you or your customers if there is a security breach involving your information which results in a risk of identity theft or as otherwise required by law.

Management, Access, Correction or Deletion of Collected Information

Vesta will retain information for as long as you or your customers use the Vesta services and for a reasonable time thereafter. Individuals whose personal data Vesta is processing have rights under Privacy Shield to access, correct or delete their personal data. If you’d like us to correct or delete personal information that you have provided, please contact us at and we will respond in a reasonable time. Please note that we may be required or permitted to retain certain information by law. If you become aware of any inaccuracies in the personal or company information you have provided, you must notify us and correct them as soon as possible.

Onward Transfers to Third Parties

It may be necessary to transfer your or your customers’ personal information to third parties, which may include third parties located in countries outside of the European Union or the United States. Pursuant to the Privacy Shield Framework, Vesta remains liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the events giving rise to the damages.

EU Privacy Inquiries, Complaints and Dispute Resolution

For EU customers, please be aware that your information may be transferred to and processed in the U.S. By using the Vesta services, you consent to such transfer and processing. If you are a merchant, you are responsible for ensuring that your EU customers are aware and have consented to the transfer and processing of their information.

In compliance with the EU-US Privacy Shield Principles, Vesta commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this EU Privacy Policy should first contact Vesta at

Vesta has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances you or individuals whose personal data Vesta is processing may be able to invoke binding arbitration before the Privacy Shield Panel of the U.S. Department of Commerce and the European Commission.

Vesta is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) under Privacy Shield.


We do not market to or knowingly solicit data from children under the age of 18. A customer must be at least 18 years old in order to use the Vesta services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at We will delete the information from our files within a reasonable time.


This EU Privacy Policy may be updated from time to time for any reason. We will post the new EU Privacy Policy here. You are advised to consult this EU Privacy Policy regularly for any changes.

Contact Us

If you have any questions or suggestions regarding the EU Privacy Policy, please email us at