VeriFone, Inc. and its direct and indirect parent and subsidiary companies listed here (collectively, "Verifone", "Company”, or “We”) act as data controllers and are committed to safeguarding your personal data's privacy and security.
This Privacy Notice (“Notice”) details our practices around personal data - what we collect, why we collect it, and your rights.
This Notice applies to individuals in the European Economic Area (EEA) and the United Kingdom who visit Verifone Websites (as defined below), merchants or retailers of Verifone, and prospective customers.
If you are a cardholder who has used one of our terminals at a point of sale and/or e-commerce, please note that Verifone is a processor of consumers' transaction data under various privacy laws and, as a matter of law, cannot provide access to, correction of, or deletion of that personal data (or fulfil the exercise of any other data protection rights) unless so instructed by the relevant merchant who is the data controller. The "data controller" will be the merchant (i.e. a retailer) from whom you have purchased items and who uses Verifone's technology to help process your payment.
If you believe a merchant has engaged Verifone to process your personal data, please contact the relevant merchant in the first instance in order to exercise your data protection rights. We will then follow any instructions provided to us by the merchant with respect to your personal data, in accordance with our agreements with them and as required by law.
If you are a retailer or merchant of Verifone Payments UK, Verifone Payments Gmbh, or Verifone Payments B.V, you can refiew the applicable privacy policy available here.
Personal Data We Collect
Information you provide
We collect or request personal data from you when you:
- Interact with us by email, telephone, mail or other means;
- Request a quotation, support, downloads or information;
- Purchase a product, service or solution from us;
- Create or manage an account;
- Register or activate a device (e.g., payment terminal);
- Apply for financing or commercial credit;
- Register for events, webinars or services;
- Subscribe to newsletters, event notices or information materials;
- Participate in surveys, contests or other promotional activities;
- Visit our websites www.verifone.com, (the “Websites”).
The types of personal data we may request will generally be apparent to you at the time you provide it, and may include:
- Name;
- Contact details (e.g., postal address, email address, telephone number);
- Professional or employment-related information (e.g., job title)
- Online identifiers, including login credentials (e.g., user name);
- Financial details (e.g., credit or payment card number, bank account number, billing address);
- Identification data and documents (e.g., photo, passport, driver license, national ID);
- Demographic information (e.g., birthdate).
If you choose to participate in one of our online surveys, which we conduct to better understand the needs of our customers, we may request additional categories of personal data from you.
Information we collect automatically
In addition to personal data that you provide us, our web servers automatically collect certain internet and electronic network activity information. This includes the domain names of all visitors to the Websites and we also use third party web analytics services which may collect information like your IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs, browsing data, statistical data and other technical information through the use of cookies and similar tracking technology. In the European Economic Area, some of this information may be considered personal data under applicable data protection laws.
Collecting this information enables us to better understand the visitors who come to our Websites, where they come from, and what content on our Websites is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Websites to our visitors. Some of this information may be collected using cookies and similar tracking technology. You can set your browser to block, delete previously-stored cookies, or alert you about these cookies, but some parts of the Websites may become inaccessible or will not function properly. For more information, please see our Cookie Policy here.
Information from third parties
Occasionally, we receive personal data about you from third party sources (including resellers, distributors and other third parties that sell or service Verifone products or solutions), but only where these third parties are legally permitted or required to disclose your personal data to us. The types of information we may collect from third parties include contact details, billing information and delivery details. We use the information we receive from these third parties to provide the requested product, service or solution.
How and Why We Use your Personal data
In general, we will use the personal data we collect from you only for the purposes described in this Policy or for similarly compatible purposes, or for purposes that we explain to you at the time we collect your personal data.
Data processing for the following purpose is necessary for the performance of your contract with Verifone or for the performance of pre-contractual measures taken at your request:
- Provide the products, services or solutions you purchase, to carry out the terms of our agreements with you and to manage our business relationship (e.g., processing and fulfilling orders and transactions, provide support services).
Where the processing of your Personal data is contractually necessary for the performance of your contract with Verifone or for the performance of pre-contractual measures taken at your request, the collection and provision of this Personal data is a prerequisite for the conclusion of your contract with Verifone. Failure to provide such Personal data will thus prevent Verifone from entering into such contracts with you.
Data processing for the following purposes is based on Verifone’s legitimate interests:
- Informing you of upcoming events, updates, news and the latest product, service, solution and other offerings where this is in accordance with your communications preferences;
- Improve, upgrade and enhance our service (including developing new products and services and analyzing our products);
- Conduct auditing (including credit reference checks and other financial due diligence);
- Perform accounting, billing reconciliation and collection and other internal business functions;
- Undertake internal research for technological development (including performing data analysis and processing, market and consumer research, customer satisfaction research, trend analysis, financial analysis);
- Undertake activities to verify and maintain the quality and safety of our service;
- Detect security incidents and ensure the security and continuity of our products and services;
- Litigation and pre-litigation management;
- Operate and manage our websites and perform debugging to identify and repair errors;
- Statistics.
Data processing for the following purpose is necessary to enable Verifone to comply with the legal and regulatory obligations to which it is subject:
- To comply with legal and regulatory obligations, on anti-money laundering and counter-terrorist financing legislation. In such situations, we may use and process personal data about you from publicly available sources, credit reference or fraud prevention agencies or check data against government sanction lists, either directly, or using identity verification providers or due diligence and screening information providers, as necessary to confirm your identity and prevent fraudulent activities and money laundering.
We may also use your information in an anonymized, de-identified or aggregated manner that does not enable direct identification of any individual customer to evaluate and improve our offerings.
Information We Share
We may disclose your personal data to the following categories of recipients, including for the business purposes described above:
- to the authorized personnel within Verifone.
- to our group companies, third party services providers, and partners who provide data processing services to us or who otherwise process personal data for purposes that are described in this Policy or notified to you when we collect your personal data. Service providers and partners include repair or installation, anti-fraud services, resellers or distributors, debt-collection agencies, couriers, contract manufacturers, and product suppliers. A list of our current group company locations is available here.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- in connection with any proposed purchase, merger, reorganization, acquisition, dissolution or liquidation of any part of our business, provided that we inform the third party that it must use your personal data only for the purposes disclosed in this Policy; and
- to any other person with your specific consent to the disclosure.
How We Protect Personal data
We take data protection and privacy seriously. We maintain appropriate organizational, technical and physical safeguards designed to protect personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Because submissions of information over the Internet are never entirely secure, we cannot guarantee the security of information you submit via the Internet and such submissions are made at your own risk.
Data Retention
We retain personal data only as long as necessary to fulfil the purposes stated above, and generally for the duration of your contract with Verifone, if any. However, such data may be archived for longer retention periods in archives for documentary and/or evidentiary purposes or in accordance with legal or regulatory retention periods.
Once the retention period is met, we will then either delete or anonymize your data.
Your Rights and Choices
If you are located in the European Economic Area or the UK, you may have the following rights in relation to the processing of your personal data. Please note that you may have additional rights under local law.
1. The right of access
You have the right to obtain confirmation as to whether or not your personal data is being processed. If this is the case, you have the right to obtain a copy of your personal data and the following information concerning:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed, and in particular recipients established in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data is not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;
- where personal data is transferred to a third country or to an international organisation, information about the appropriate safeguards.
2. The right of rectification
You may request that your personal data be rectified and/or completed if this is inaccurate, incomplete, ambiguous or outdated, at the earliest possible date.
3. The right to object to data processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data whose legal basis is the legitimate interests of Verifone.
If you exercise this right, Verifone will no longer process the personal data to which you have objected unless it can be shown that there are compelling legitimate grounds for continuing to process the data. These grounds must outweigh your interests and your rights and freedoms, or the continued processing may be justified by the establishment, exercise or defence of legal claims.
When we process personal data for commercial prospection purposes, in order to send you our newsletters, promotions and offers, you may object to the processing at any time by clicking on the unsubscribe link provided at the bottom of each prospection message we send you.
4. The right to request the erasure of your personal data
You may request the erasure of your personal data if one of the following reasons applies:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
- you object to the processing of your personal data where there are no compelling legitimate grounds for the processing,
- your personal data has been processed unlawfully,
- the personal data must be erased in order to comply with a legal obligation under European Union law or the law of the Member State to which Verifone is subject.
The right to erasure of processed personal data is not a general and absolute right. It may only be exercised if one of the grounds set out in Article 17 of the GDPR applies.
Furthermore, Verifone may not respond favourably to a request for erasure in certain cases. This will be the case, for example, if Verifone is required to retain personal data in order to comply with a legal or regulatory obligation or if the processing of personal data is necessary for the establishment, exercise or defence of legal claims.
5. The right to restrict the processing of your personal data
You may request that the processing of your personal data be restricted in accordance with the applicable laws and regulations. The cases in which restriction of the processing of personal data may be requested are as follows:
- when you dispute the accuracy of your personal data: the processing restriction must then be implemented until Verifone is able to verify the accuracy of the personal data,
- the processing is unlawful but you object to the erasure of the personal data: limiting the processing is therefore an alternative to erasing the personal data,
- Verifone no longer needs to process the personal data but you require the personal data for the establishment, exercise or defence of legal claims,
- you have objected to the processing: the processing restriction must then be implemented during the verification as to whether the legitimate grounds sought by Verifone prevail over yours.
6. The right to data portability
You have the right to:
- request that your personal data be provided to you in a structured, commonly used and machine-readable format; and
- transfer this personal data to another data controller.
The right to portability of processed personal data is not a general and absolute right. This right only applies to the processing of personal data based on the performance of a contract and which is carried out using automated processes (to the exclusion of manual or paper-based data processing).
This right concerns only the personal data that you provide to Verifone, and therefore does not include derived or inferred data, which personal data has not been provided by you but created by Verifone. The exercise of the right to portability may not prejudice the rights and freedoms of third parties.
When exercising this right, you must indicate whether you wish to receive the personal data yourself or, if this is technically possible for Verifone, whether you wish Verifone to forward it directly to another data controller (in which case you must specify the name of the data controller, its contact details and the department or person to whom the personal data is to be sent and, where possible, inform the recipient of the request you have made to Verifone).
7. The right to withdraw consent
If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
8. The right to lodge a complaint
If, despite all the care taken by Verifone to protect your personal data, you believe that your rights have not been observed, you also have the right to report a complaint to your local data protection authority about our collection and use of your personal data. For more information, please contact your data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland, the United Kingdom and certain non-European countries, are published by the European Commission and available here.
9. Unsubscribe from our mailing lists
You also have the right to opt-out of marketing communications we send you at any time. You can do so by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you.
Exercise Your Rights
To exercise these rights, please contact privacy@verifone.com and we will consider your request in accordance with applicable data protection laws. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information.
You can also request to exercise your rights under applicable data protection laws by completing an on-line form available here.
Links to Other Websites
Our Websites may contain links to third-party sites. We are not responsible for the content or the privacy practices employed by other sites.
International Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
Specifically, our Websites servers are located in the United States and our third-party service providers and affiliates operate around the world. This means that when we collect your personal data we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Policy. If you are located in the European Economic Area, where we transfer your personal data to other countries, we rely on:
- European Commission adequacy decisions, which acknowledge that the non-EEA countries listed here have national laws that protect personal data to a substantially similar standard required by European Union law;
- the European Commission’s 2021 Standard Contractual Clauses, which require non EEA recipients of personal data to continue to protect the personal data they receive to the standard required by European Union law;
- International data transfer agreement and the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers; or
- other lawful data transfer mechanisms or derogations from data transfer restrictions, including an intra-group data transfer agreement in respect of transfers within our Corporate Group.
Further details can be provided upon request. Please see contact information below.
Changes and Contact
We may change/update this Policy from time to time in response to changing legal, technical or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.
You can see when this Policy was last updated by checking the “last updated” date displayed at the top of this Policy.
If you have any questions about this Policy, please contact us at:
VeriFone, Inc.
Attn: Legal Department
2744 N. University Drive,
Coral Springs,
Florida 33065
United States
You may also contact our Data Protection Officer at privacy@verifone.com.