The following updates were made in this version:
Your privacy is important to us. This Privacy Statement describes how ACI Payments, Inc. ("ACI", "we," "us", or "our") and its brands, including ACI Speedpay, collect and use information about you. Our Privacy Statement applies to our interactions with you and your use of our websites (the "Sites"), products, or services, and how we use and disclose that information. Please read this Privacy Statement carefully to understand how we use your information.
ACI is committed to protecting your privacy and to gaining and maintaining your trust by following a core set of principles:
Below we describe your choices regarding use, access, correction, and deletion of your personal information.
By using any of the Sites, you accept and consent to the terms and conditions of this Privacy Statement, as may be updated from time to time, as well as the Terms of Use, which are incorporated herein. If you do not agree to this Privacy Statement, we ask that you do not use the Sites.
Information You Provide: In general, you can visit the Sites without providing personal information. However, ACI collects the following personal information from you when you choose to provide it. Please note that, if you decline to provide the requested information, you may not be able to take full advantages of the Sites and their features, make a payment, or otherwise use ACI's products and services.
Except as otherwise provided below under the "Information Use" section, when you supply information about yourself for a specific purpose, we use that information only for the specified purpose and to fulfill our regulatory or legal obligations or manage the security and internal operations of the Sites.Information Automatically Collected: When you use and interact with the Sites, ACI uses various technologies to collect information about you automatically. For example, we may automatically collect browser type, device type, operating system, the unique device identifier of any of your computer(s) or device(s) that are used to access the Sites, software version, Internet Protocol ("IP") address, geolocation, phone model, phone operating system, and the domain name from which you accessed the Sites. We also may collect information about your use of the Sites, including the date and time you visit a Site, the areas or pages of the Site that you visit, the amount of time you spend viewing or using the Site, the number of times you return to the Site, other click-stream or site usage data, emails that you open, forward, or click-through to our Site, and other sites that you may visit.
We may use the following technologies to collect this information:
Information Collected from Other Sources: We may acquire information from other trusted sources to update or supplement the information that you provide or that we collect automatically (such as information to validate or update your address or other demographic and lifestyle information). We may use this information to help us maintain the accuracy of the information that we collect, to target our communications so that we can inform you of products, services, or other offers that may be of interest to you, and for internal business analysis or other business purposes.
Combination of Information: We may combine the information that we receive from and about you, including information you provide to us and information that we automatically collect through our Sites, as well as information collected offline, across other computers or devices that you may use, and from third party sources.
ACI may use the information collected from and about you in the following ways:
ACI may disclose the information collected from and about you in a number of ways. ACI does not sell or rent any of your personal information and will not share any of your personal information with third parties except in the circumstances described below, as otherwise described to you at the point of collection, or with your permission.
Tracking Options and California Do Not Track Disclosures: You may adjust your browser or operating system settings to limit tracking or to decline cookies, but by doing so, you may not be able to use certain features on the Site or take full advantage of all of our offerings. Check the "Help" menu of your browser or operating system to learn how to change your tracking settings or cookie preferences. On your mobile device, you can adjust your privacy and advertising settings to limit tracking for advertising or control whether you receive more relevant advertising.
Please note that our systems may not recognize Do Not Track headers or requests from some or all browsers. To learn more about the use of cookies or other technologies to deliver more relevant advertising and your choices with respect to the collection and use of data by these third-party tools, please click here or here.
You have certain rights with respect to your personal information. If you'd like, you may:
To exercise any or all of your rights, contact us by submitting this request form. You may also contact our Chief Privacy Officer, at mbox-aci-privacy-officer@aciworldwide.com. Please do not send us your personal information, other than your name and email address, via email. We will respond to your request to access within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you with services. In addition, we will maintain and use your information for as long as necessary to comply with our legal obligations, resolve disputes, and administer our agreements.
Opting Out: We provide consumers with the ability to opt out of receiving certain communications from ACI.
To opt out of marketing communications from ACI, you may email us at mbox-aci-privacy-officer@aciworldwide.com. You may also opt out of receiving marketing emails from ACI by clicking the "Unsubscribe" link found at the bottom of the email. You may also opt out of receiving marketing SMS text messages by replying STOP. We will send you a single message confirming your opt-out.
If you provided ACI Payments, Inc. with permission to share your personal information with unaffiliated third parties for their marketing purposes, you may opt out of such disclosure by submitting this request form or by contacting us at mbox-aci-privacy-officer@aciworldwide.com.
We store personal information in our data centers in the US. Your personal information will be transferred to, stored and processed on servers in, and subject to the laws of, the United States, where data protection and other laws may differ from those of your country of residence.
ACI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ACI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. ACI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
ACI is responsible for the processing of the Personal Data it receives, under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on ACI's behalf. ACI complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of Personal Data from the EU, UK and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over ACI's compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF. In certain situations, ACI may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
EU, UK or Swiss individuals with inquiries or complaints regarding this Notice or the EU-U.S. DPF Principles, and/or the Swiss/U.S. DPF Principles should first contact ACI at:
ACI Worldwide Corp. Attention: Chief Privacy Officer
6060 Coventry Drive Elkhorn, NE 68022 U.S.A.
Email: mbox-aci-privacy-dataprotection@aciworldwide.com
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, ACI commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
ACI recognizes the importance of children's safety and privacy on the Internet. For this reason, we do not intentionally collect personal information from children under the age of 13, nor do we offer content targeted to children under 13.
The security of your Personal Data is important to ACI. When ACI processes your Personal Data, we engage technical and organizational security measures using commercially reasonable industry practices as outlined by Applicable Law, including current industry standards such as those published by the Payment Card Industry Security Standard Council (PCI), International Organization for Standardization (ISO), and National Institute of Standards and Technology (NIST).
The technical and organizational measures ACI implements to protect your Personal Data, include, but are not limited to: (i) appropriately encrypting your Personal Data in transit and in storage; (ii) limiting access to your Personal Data to only those employees with a legitimate need for access to perform their job functions or provide our products and services; (iii) protecting systems and databases through the use of appropriate access controls, firewalls, and anti-intrusion measures; and (iv) securing ACI premises and offices through the use of on-site security personnel, closed-circuit security cameras, and access controlled entryways. In addition to internal technical and organization security measures such as these, ACI undergoes regular external audits of its security measures by independent auditors.
ACI regularly monitors, reviews, and updates its technical and organizational security measures to ensure that its measures are kept current with and appropriately address emerging threats and vulnerabilities.
In the event that your Personal Data is accessed by an unauthorized individual and a misuse of that Personal Data would be likely to result in a risk to your rights and freedoms or in a risk of unauthorized use, we will notify you as required by Applicable Law unless a law enforcement agency believes that such notification may interfere with any applicable criminal investigation.
The Site may contain links to other third-party sites, which may have privacy policies that differ from our own. Please note that we are not responsible for the practices of these third-party sites, and they are not covered by this Privacy Statement. We encourage you to be aware when you leave our Site and to review the privacy policies of these sites.
We may amend this Privacy Statement from time-to-time, and at any time. If we make updates, we will revise the "Last Modified" date posted at the top of this Privacy Statement. Any updates to the Privacy Statement become effective when we post the updates to our Site. If we make any material changes, we will notify you by email or by a notice on this Site prior to the change becoming effective. ACI encourages you to periodically review the Privacy Statement for changes. Your continued use of the Site following the posting of changes will mean that you accept those changes.
California residents: In accordance with California law, we will not share information we collect about you with companies outside of ACI except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled
Pursuant to the California Consumer Privacy Act (the "CCPA"), you have (i) the right to know what Personal Data a Business has collected, disclosed, or sold about you; (ii) the right to have any Personal Data a Business collected from you deleted; and (iii) the right to request that a Business not sell your Personal Data.
ACI operates as both a Service Provider to others as well as a Business on its own behalf as those terms are defined by Cal. Civ. Code §1798.140(c).
In the prior 12 months, ACI collected the following categories of Personal Data about California residents as a "Business":
Identifiers - such as your name, mailing address, email address, Internet
Protocol address, Social Security number, or other similar identifiers.
Personal Data - categories listed in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)) - such as your name, Social Security number, mailing
address, telephone number, bank account number, credit card number, or debit card
number.
Commercial information - such as records of products or services purchased,
obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity - such as browsing history, search
history, and information on consumer interaction with our websites.
Geolocation data - such as physical location or movements.
You have the right to request that we disclose to you:
You may request access to your Personal Data twice in any 12-month time-period, measured from the date your first request is received by us. If you submit a request to access your Personal Data more than twice in any 12-month time-period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.
You may also ask us to delete any Personal Data that we have collected from you. If you request that your Personal Data be deleted, we will delete all Personal Data we have collected from you and, as applicable, instruct our Service Providers to do the same unless we are legally permitted or required to retain it. You may request that we delete the Personal Data we have collected from you at any time.
You may exercise your rights by submitting a request through the mechanisms set forth in the " How to Exercise Your Personal Data Rights" section of this Privacy Policy. You may also designate an authorized agent to exercise these rights on your behalf by providing them with your written permission to do so and registering them with the California Secretary of State
Colorado Residents: Colorado law requires us to respond to a data subject request within 45 days of receipt (or 90 days if reasonably necessary). If ACI refuses to take action on a data subject request, we will provide our reasons and instructions for how to appeal the decision. Within 45 days of receipt of an appeal (or 105 days if reasonably necessary), ACI will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, ACI will also inform you of your ability to contact Colorado's Attorney General to submit any concerns about the result of your appeal.
Nevada residents: ACI does not sell the personal information of consumers. Nevada law gives Nevada residents the right to request that their personal information not be sold at any time, regardless of our current business practice. If you are a Nevada resident and wish to exercise this right, please submit your request by submitting request form.
Texas residents: If you have a complaint, first contact ACI at 1-800-487-4567 or email at mbox-aci-privacy-officer@aciworldwide.com. If you still have an unresolved complaint, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); http://www.dob.texas.gov/
Vermont residents: In accordance with Vermont law, we will not share information we collect about you with companies outside of ACI except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.
Virginia residents: If ACI refuses to take action on a data subject request, in accordance with Virginia law you may appeal ACI's refusal within a reasonable period of time. Within 60 days of receipt of an appeal, ACI will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, ACI will also provide you with information about how to contact Virginia's Attorney General to submit a complaint.
If you have any questions or comments related to this
Privacy Statement, please contact our Chief Privacy
Officer, via email at mbox-aci-privacy-officer@aciworldwide.com
or:
ACI Worldwide - ACI Payments, Inc.
Attention: Chief Privacy Officer, Risk Management
2811 Ponce de Leon Blvd
Suite 1300
Coral Gables, FL 33134