By using any of the Sites, you accept and consent to the terms and conditions of this Privacy Statement, as may be updated from time to time, as well as the Terms of Use, which are incorporated herein. If you do not agree to this Privacy Statement, we ask that you do not use the Sites.

Information You Provide: In general, you can visit the Sites without providing personal information. However, ACI collects the following personal information from you when you choose to provide it. Please note that, if you decline to provide the requested information, you may not be able to take full advantages of the Sites and their features, make a payment, or otherwise use ACI's products and services.

• Registration, Account Access, and Payments: When you register, access your account information, or make a payment online, we must collect certain information about you to create the account or to facilitate your transaction. The types of information we may collect from you depend on the product or service you have with us, and may include:
  • Your name, mailing address, billing address, email address, and phone number
  • Your bill payment (including payment amount and designated payee)
  • Your credit or debit card or bank account numbers, expiration date, and cardholder or account holder name
  • Social Security Number (SSN) and/or employer identification number (EIN)
  • User name, your account number associated with the bill that you are paying, and any applicable credentials
• Online Surveys: At times, we may conduct online surveys to better understand your needs, to provide you with enhanced services, and to help you use the services and Sites more effectively. If you participate in a survey, we will request certain information, such as your name, email address, and ZIP code. Participation is completely voluntary.
• Testimonials: We also display testimonials of satisfied customers and other endorsements on our Sites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at mbox-aci-privacy-officer@aciworldwide.com, or submit the following request form.
• Social Media: If you link to your Facebook or other social media account through the Sites, we may receive certain information about you based on your registration and privacy settings on those third-party services. This information may include, but may not be limited to, your name, demographic information, updated address or contact information, location, interests, and account and other online activity.

Information Automatically Collected: When you use and interact with the Sites, ACI uses various technologies to collect information about you automatically. For example, we may automatically collect browser type, device type, operating system, the unique device identifier of any of your computer(s) or device(s) that are used to access the Sites, software version, Internet Protocol ("IP") address, geolocation, phone model, phone operating system, and the domain name from which you accessed the Sites. We also may collect information about your use of the Sites, including the date and time you visit a Site, the areas or pages of the Site that you visit, the amount of time you spend viewing or using the Site, the number of times you return to the Site, other click-stream or site usage data, emails that you open, forward, or click-through to our Site, and other sites that you may visit.

We may use the following technologies to collect this information:

• Cookies are small packs of data which are placed in your internet browser and used by website operators such as ACI to provide such functionalities as tracking your visits and activity and storing your online log-on information and preferences. ACI uses cookies and similar online tracking technologies for numerous purposes, including:
  • Storing Your Preferences and Settings. Settings that enable our website to operate correctly or that maintain your preferences over time may be stored on your device. For example, we save preferences, such as language, browser and multimedia player settings, so those do not have to be reset each time you return to the site. If you opt out of interest-based advertising, we store your opt-out preference in a cookie on your device.
  • Sign-in and Authentication. When you sign into any of the Sites, we store a unique ID number and sign-in time in an encrypted cookie on your device. This cookie allows you to move from page to page within the Site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the site.
  • Security. We use cookies to detect fraud and abuse of our Sites and services.
  • Social Media. Some of our websites include code snippets provided by social media companies that can sense if you are already logged into a given social media account so you can easily share ACI content with other social media users via that account. These code snippets read cookies set previously by social media company web content while you are logged in and browsing such content on those social media sites.
  • Analytics. To provide our products and services and to improve your user experience on our Site, we use cookies and other identifiers, including cookies and other identifiers from third-party analytics providers, to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a web page and to develop other statistics about the operations of our products and services.
  • Performance. We use cookies for load balancing to ensure that the Site remains up and running.
  Please note that most web browsers automatically accept cookies but provide controls that allow you to block or delete them. In most modern browsers, you can block or delete cookies by clicking Settings > Privacy > Cookies. Instructions for blocking or deleting cookies in other browsers may be available in each browser's privacy or help documentation. For more information on controlling cookies, see Section 5 below
• Log Files: are automatically produced files that contain a detailed record of events occurring from within selected software or operating systems. We may automatically gather, or engage a third party to gather, certain information about our website's traffic and store it in log files.
• Local Storage: is the capability for the storage and retrieval of data in hyper-text markup language (HTML) pages natively integrated into your web browser. Like cookies, ACI uses local storage (such as HTML5) to store content and preference information. Third parties who we partner with to provide certain features on our websites or to display advertising based upon your web browsing activity may also use HTML5 to collect and store such information. Various browsers may offer their own management tools for removing or disabling HTML5.

Information Collected from Other Sources: We may acquire information from other trusted sources to update or supplement the information that you provide or that we collect automatically (such as information to validate or update your address or other demographic and lifestyle information). We may use this information to help us maintain the accuracy of the information that we collect, to target our communications so that we can inform you of products, services, or other offers that may be of interest to you, and for internal business analysis or other business purposes.

Combination of Information: We may combine the information that we receive from and about you, including information you provide to us and information that we automatically collect through our Sites, as well as information collected offline, across other computers or devices that you may use, and from third party sources.

ACI may use the information collected from and about you in the following ways:

• To process transactions and otherwise provide you with our products and services;
• To identify and prevent fraud;
• To maintain your account and allow you to register and create and access that account;
• To enhance your Site experience, including by recognizing you and your Site preferences and settings;
• To provide you with customized Site content, targeted offers, and advertising on the Sites or on other sites;
• To respond to your inquiries and contact and communicate with you when necessary;
• To review the usage and operations of our Site, develop and test products or services, and conduct analysis to enhance or improve our content, product, and services;
• To address problems with the Site or our business and to protect the security or integrity of the Site or our business; and
• As otherwise described to you at the point of collection or with your consent.

ACI may disclose the information collected from and about you in a number of ways. ACI does not sell or rent any of your personal information and will not share any of your personal information with third parties except in the circumstances described below, as otherwise described to you at the point of collection, or with your permission.

• Service Providers: We may share your information with our business partners, service vendors, suppliers, or other authorized third-party contractors who provide services on our behalf. We will only provide these third parties with the minimum amount of information necessary to complete the requested service and will require that these third parties keep your information confidential and use it only for the limited purpose of completing the requested service.
• Legal Matters and Safety: We may disclose your information to cooperate in investigations of suspected fraud or other illegal activity, including situations involving potential threats to the physical safety of any person; to conduct investigations of violations of our Terms of Use, any other legal document or contract related to our services, or the rights of any third party; when we are obliged or permitted by law to do so, such as in response to a court order, subpoena, judicial process, or government request or investigation; or when we suspect fraudulent or criminal activities.
• Merger or Acquisition: We reserve the right to share your information in the event that ACI merges with or is acquired by another company. Should such a merger or acquisition occur, we will notify you via a prominent notice on our Sites, and use reasonable efforts to try to require that the other company use personal information provided through this Site in a manner that is consistent with this Privacy Statement.

Tracking Options and California Do Not Track Disclosures: You may adjust your browser or operating system settings to limit tracking or to decline cookies, but by doing so, you may not be able to use certain features on the Site or take full advantage of all of our offerings. Check the "Help" menu of your browser or operating system to learn how to change your tracking settings or cookie preferences. On your mobile device, you can adjust your privacy and advertising settings to limit tracking for advertising or control whether you receive more relevant advertising.

Please note that our systems may not recognize Do Not Track headers or requests from some or all browsers. To learn more about the use of cookies or other technologies to deliver more relevant advertising and your choices with respect to the collection and use of data by these third-party tools, please click here or here.

You have certain rights with respect to your personal information. If you'd like, you may:

• Request access to and the correction of personal information collected from and about you on the Sites. You may also update the personal information associated with your profile by visiting your account.
• Cancel your account or request that we no longer use your information to provide you with any services.
• In some instances, request erasure of certain personal data or object to the processing of your personal information.

To exercise any or all of your rights, contact us by submitting this request form. You may also contact our Chief Privacy Officer, at mbox-aci-privacy-officer@aciworldwide.com. Please do not send us your personal information, other than your name and email address, via email. We will respond to your request to access within a reasonable timeframe.

We will retain your information for as long as your account is active or as needed to provide you with services. In addition, we will maintain and use your information for as long as necessary to comply with our legal obligations, resolve disputes, and administer our agreements.

Opting Out: We provide consumers with the ability to opt out of receiving certain communications from ACI.

• Marketing Communications: By default, if you are a U.S. resident and provide us with your email address, we will send you emails about new or additional services from which you may benefit. In addition, if available in your area, you may opt in to receive autodialed marketing SMS text messages from ACI. Message frequency depends on information such as your geographic location, and message and data rates may apply. Receiving autodialed SMS text messages is not a condition of purchasing a product or service.

  To opt out of marketing communications from ACI, you may email us at mbox-aci-privacy-officer@aciworldwide.com. You may also opt out of receiving marketing emails from ACI by clicking the "Unsubscribe" link found at the bottom of the email. You may also opt out of receiving marketing SMS text messages by replying STOP. We will send you a single message confirming your opt-out.

• Transaction- or Account-Related Communications: As a default, we may contact you via email or SMS text message to confirm or remind you of an upcoming payment (e.g., a quarterly tax payment) or to notify you of a scheduled or successfully completed Auto Payment. To opt out of these communications, you may email us at mbox-aci-privacy-officer@aciworldwide.com. You may also opt out of receiving these SMS text messages by replying STOP. We will send you a single text message to confirm your cancellation.

If you provided ACI Payments, Inc. with permission to share your personal information with unaffiliated third parties for their marketing purposes, you may opt out of such disclosure by submitting this request form or by contacting us at mbox-aci-privacy-officer@aciworldwide.com.

We store personal information in our data centers in the US. Your personal information will be transferred to, stored and processed on servers in, and subject to the laws of, the United States, where data protection and other laws may differ from those of your country of residence.

ACI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ACI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. ACI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

ACI is responsible for the processing of the Personal Data it receives, under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on ACI's behalf. ACI complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of Personal Data from the EU, UK and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over ACI's compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF. In certain situations, ACI may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

EU, UK or Swiss individuals with inquiries or complaints regarding this Notice or the EU-U.S. DPF Principles, and/or the Swiss/U.S. DPF Principles should first contact ACI at:

ACI Worldwide Corp. Attention: Chief Privacy Officer

6060 Coventry Drive Elkhorn, NE 68022 U.S.A.

Email: mbox-aci-privacy-dataprotection@aciworldwide.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, ACI commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

ACI recognizes the importance of children's safety and privacy on the Internet. For this reason, we do not intentionally collect personal information from children under the age of 13, nor do we offer content targeted to children under 13.

The security of your Personal Data is important to ACI. When ACI processes your Personal Data, we engage technical and organizational security measures using commercially reasonable industry practices as outlined by Applicable Law, including current industry standards such as those published by the Payment Card Industry Security Standard Council (PCI), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST).

The technical and organizational measures ACI implements to protect your Personal Data, include, but are not limited to: (i) appropriately encrypting your Personal Data in transit and in storage; (ii) limiting access to your Personal Data to only those employees with a legitimate need for access to perform their job functions or provide our products and services; (iii) protecting systems and databases through the use of appropriate access controls, firewalls, and anti-intrusion measures; and (iv) securing ACI premises and offices through the use of on-site security personnel, closed-circuit security cameras, and access controlled entryways. In addition to internal technical and organization security measures such as these, ACI undergoes regular external audits of its security measures by independent auditors.

ACI regularly monitors, reviews, and updates its technical and organizational security measures to ensure that its measures are kept current with and appropriately address emerging threats and vulnerabilities.

In the event that your Personal Data is accessed by an unauthorized individual and a misuse of that Personal Data would be likely to result in a risk to your rights and freedoms or in a risk of unauthorized use, we will notify you as required by Applicable Law unless a law enforcement agency believes that such notification may interfere with any applicable criminal investigation.

The Site may contain links to other third-party sites, which may have privacy policies that differ from our own. Please note that we are not responsible for the practices of these third-party sites, and they are not covered by this Privacy Statement. We encourage you to be aware when you leave our Site and to review the privacy policies of these sites.

We may amend this Privacy Statement from time-to-time, and at any time. If we make updates, we will revise the "Last Modified" date posted at the top of this Privacy Statement. Any updates to the Privacy Statement become effective when we post the updates to our Site. If we make any material changes, we will notify you by email or by a notice on this Site prior to the change becoming effective. ACI encourages you to periodically review the Privacy Statement for changes. Your continued use of the Site following the posting of changes will mean that you accept those changes.

California residents: In accordance with California law, we will not share information we collect about you with companies outside of ACI except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled

Pursuant to the California Consumer Privacy Act (the "CCPA"), you have (i) the right to know what Personal Data a Business has collected, disclosed, or sold about you; (ii) the right to have any Personal Data a Business collected from you deleted; and (iii) the right to request that a Business not sell your Personal Data.

ACI operates as both a Service Provider to others as well as a Business on its own behalf as those terms are defined by Cal. Civ. Code §1798.140(c).

In the prior 12 months, ACI collected the following categories of Personal Data about California residents as a "Business":

Identifiers - such as your name, mailing address, email address, Internet Protocol address, Social Security number, or other similar identifiers.
Personal Data - categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) - such as your name, Social Security number, mailing address, telephone number, bank account number, credit card number, or debit card number.
Commercial information - such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity - such as browsing history, search history, and information on consumer interaction with our websites.
Geolocation data - such as physical location or movements.

You have the right to request that we disclose to you:

1. The categories of Personal Data we have collected about you as a Business;
2. The categories of sources from which we have collected your Personal Data as a Business;
3. The business or commercial purpose for our collection of your Personal Data as a Business;
4. The categories of third parties with whom we share your Personal Data as a Business;
5. The specific pieces of Personal Data we have collected about you as a Business;
6. If we have sold your Personal Data or disclosed it for a business purpose:
   1. The categories of Personal Data that we sold about you along with the categories of third parties to whom it was sold;
   2. The categories of Personal Data that we disclosed about you for our business purposes.

You may request access to your Personal Data twice in any 12-month time-period, measured from the date your first request is received by us. If you submit a request to access your Personal Data more than twice in any 12-month time-period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.

You may also ask us to delete any Personal Data that we have collected from you. If you request that your Personal Data be deleted, we will delete all Personal Data we have collected from you and, as applicable, instruct our Service Providers to do the same unless we are legally permitted or required to retain it. You may request that we delete the Personal Data we have collected from you at any time.

You may exercise your rights by submitting a request through the mechanisms set forth in the " How to Exercise Your Personal Data Rights" section of this Privacy Policy. You may also designate an authorized agent to exercise these rights on your behalf by providing them with your written permission to do so and registering them with the California Secretary of State

Colorado Residents: Colorado law requires us to respond to a data subject request within 45 days of receipt (or 90 days if reasonably necessary). If ACI refuses to take action on a data subject request, we will provide our reasons and instructions for how to appeal the decision. Within 45 days of receipt of an appeal (or 105 days if reasonably necessary), ACI will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, ACI will also inform you of your ability to contact Colorado's Attorney General to submit any concerns about the result of your appeal.

Nevada residents: ACI does not sell the personal information of consumers. Nevada law gives Nevada residents the right to request that their personal information not be sold at any time, regardless of our current business practice. If you are a Nevada resident and wish to exercise this right, please submit your request by submitting request form.

Texas residents: If you have a complaint, first contact ACI at 1-800-487-4567 or email at mbox-aci-privacy-officer@aciworldwide.com. If you still have an unresolved complaint, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); http://www.dob.texas.gov/

Vermont residents: In accordance with Vermont law, we will not share information we collect about you with companies outside of ACI except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.

Virginia residents: If ACI refuses to take action on a data subject request, in accordance with Virginia law you may appeal ACI's refusal within a reasonable period of time. Within 60 days of receipt of an appeal, ACI will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, ACI will also provide you with information about how to contact Virginia's Attorney General to submit a complaint.

If you have any questions or comments related to this Privacy Statement, please contact our Chief Privacy Officer, via email at mbox-aci-privacy-officer@aciworldwide.com or:
ACI Worldwide - ACI Payments, Inc.
Attention: Chief Privacy Officer, Risk Management
2811 Ponce de Leon Blvd
Suite 1300
Coral Gables, FL 33134