(Updated January 1, 2019)
- What information Vesta collects and how it is collected.
- How Vesta uses information.
- To whom Vesta may disclose information.
- How Vesta protects information.
- How individuals may access personal information to correct or delete it.
- How to contact Vesta for privacy inquiries and complaints.
- What independent third party to contact for resolving privacy disputes.
Vesta’s Participation in EU Privacy Shield
Types of Information Collected
If you are an individual customer, Vesta may collect the following types of information:
- When your company uses the Vesta services, Vesta may collect any or all of the personal information described above regarding your customers.
- We may collect a variety of information regarding your merchant activities with your customers, including but not limited to information regarding your order amounts and volume; order processing and handling time; abandon rates and completion rates of transactions; chargeback and refund amounts and percentages; customer fraud rates; and payment method patterns and volumes.
Purposes and Uses of Collected Information
Vesta uses the information it collects to provide you or your customers with the Vesta services and to help us review, develop and improve the products and services we offer.
In addition, when you or your customers use the Vesta services or process payment transactions with Vesta, we use the provided information to facilitate and complete the transactions; to validate customer or card information; to verify and append information to prevent and combat fraud; to comply with government regulations and card association rules; and to perform various research and analytics.
We continue to use information you or your customers provide internally for record keeping, internal reporting, and support purposes, and to compile and disclose information in the aggregate where individual or user information is not identifiable.
Disclosure of Collected Information
Vesta may disclose your and your customers’ information under the following circumstances:
- To Vesta employees, contractors and agents to assist with any Vesta products and services provided to you or your customers by us now or in the future.
- To third party service providers in connection with ongoing merchant activity, including for underwriting, background checks and financial checks.
- To third party service providers in connection with customer support administration.
- To payment processors and banks in connection with processing your or your customers’ payments and settling the funds.
- In order to help Vesta with fraud prevention, debt collection, emergency services and crime prevention purposes, we may disclose information about you or your customers to debt collection agencies, fraud prevention agencies, security agencies, financial institutions, emergency services, crime prevention agencies and telecommunications companies.
- To other suppliers we engage to process data on our behalf in connection with providing Vesta services to you or your customers.
- We may provide aggregate information and statistics to third parties, for example, content partners and advertisers. • These statistics will not include information that can be used to identify any individual.
- We may disclose personal information collected from you or your customers to persons or companies that we retain to carry out promotions and other activities for which you or your customers have registered or in which you or your customers have otherwise asked to participate.
- We may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Other than as described above, Vesta does not disclose customer information to third parties. In the event that Vesta’s practice regarding disclosure of customer information to third parties should change in the future, Vesta will provide a clear, conspicuous and readily available mechanism for customers to opt out of such information disclosures.
Protection of Collected Information
Vesta provides physical, electronic, and procedural safeguards to protect information we process and maintain. Any information you or your customers make available to Vesta in the course of using the Vesta services is encrypted using Secure Socket Layer (SSL) technology. This helps protect information from being intercepted and misused by third parties when it is traveling over the Internet. When Vesta receives your or your customers’ information, it is stored on a secure server and is only read by authorized personnel. Please be aware that although Vesta takes steps to create a secure environment for personal information, Vesta cannot guarantee the security of any personal information transmitted online. Vesta will make reasonable attempts to notify you or your customers if there is a security breach involving your information which results in a risk of identity theft or as otherwise required by law.
Management, Access, Correction or Deletion of Collected Information
Vesta will retain information for as long as you or your customers use the Vesta services and for a reasonable time thereafter. Individuals whose personal data Vesta is processing have rights under Privacy Shield to access, correct or delete their personal data. If you’d like us to correct or delete personal information that you have provided, please contact us at email@example.com and we will respond in a reasonable time. Please note that we may be required or permitted to retain certain information by law. If you become aware of any inaccuracies in the personal or company information you have provided, you must notify us and correct them as soon as possible.
Onward Transfers to Third Parties
It may be necessary to transfer your or your customers’ personal information to third parties, which may include third parties located in countries outside of the European Union or the United States. Pursuant to the Privacy Shield Framework, Vesta remains liable for the onward transfer of personal data to third parties unless we can prove we were not a party to the events giving rise to the damages.
EU Privacy Inquiries, Complaints and Dispute Resolution
For EU customers, please be aware that your information may be transferred to and processed in the U.S. By using the Vesta services, you consent to such transfer and processing. If you are a merchant, you are responsible for ensuring that your EU customers are aware and have consented to the transfer and processing of their information.
Vesta has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances you or individuals whose personal data Vesta is processing may be able to invoke binding arbitration before the Privacy Shield Panel of the U.S. Department of Commerce and the European Commission.
Vesta is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) under Privacy Shield.
We do not market to or knowingly solicit data from children under the age of 18. A customer must be at least 18 years old in order to use the Vesta services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete the information from our files within a reasonable time.