Last Updated: December 21, 2023
TouchNet Information Systems, Inc. (“TouchNet,” “us”, “we” or “our”), a Global Payments company, respects your rights and preferences regarding data privacy.
In this Privacy Notice (“Notice”), we describe how we collect, use, disclose, and dispose of personal information that we collect from our customers and prospective customers, as well as from our customers’ personnel (collectively “Customers”), including Customer users of our websites, forums and blogs (“Sites”), our mobile applications (“Apps”), and our other products and services, including Client Community and U.Commerce Suite (collectively, “Services”) in the course of our business activities.
For some Services, where required, we will provide additional privacy notices before collecting personal information about you. TouchNet maintains specific privacy notices for job applicants, employees, and contractors through Global Payments. If you are a job applicant, employee, or contractor and need a copy of the applicable privacy notice, please contact us at [email protected].
Please note that if you do not fall within any of these categories, this Notice does not apply to you. In particular, this Notice does not apply to you if you are a consumer (ie., a student or parent) making a payment to a TouchNet customer (i.e., a college or university) through a TouchNet App or Service. If you are a consumer whose personal information was collected and processed by one of our Customers using one of our Apps or Services, and you have questions about that Customer’s privacy practices, you should refer to that customer’s privacy notice or contact that Customer directly.
This Notice applies to the Services provided by TouchNet on its own behalf or in combination with one of its parents, affiliates, or subsidiaries.
In this Notice, we provide information about:
- PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE DISCLOSE PERSONAL INFORMATION
- TRANSFERRING PERSONAL INFORMATION GLOBALLY
- DATA SECURITY AND DATA RETENTION
- COOKIES AND OTHER TRACKING TECHNOLOGIES
- EXTERNAL LINKS
- YOUR LEGAL RIGHTS
- CHANGES AND UPDATES
- CONTACT US
- REGION-SPECIFIC INFORMATION
Please be aware that not all of the information in this Notice will be directly applicable to our handling of personal information about you. This Notice provides an overview of the possible circumstances in which we interact with personal information. If you have any questions about our processing of personal information about you, please contact us at [email protected].
“Personal information” is information that identifies you as an individual or relates to an identifiable individual. Subject to your consent if required by law, we may collect the following categories of personal information about you as relevant to the Services with which you are engaging:
- Basic Identifying Information, including your full name, postal address, e-mail address, phone number, username, or other similar identifiers.
- Government-Issued Identifiers, including your driver’s license number, Social Security number, or other similar government identifiers.
- Device Information and Other Unique Identifiers, including device identifier, internet protocol (IP) address, cookies, or similar unique identifiers.
- Internet or Other Network Activity, including browsing or search history and information regarding your interactions with our Sites, Apps, and Services.
- Geolocation Data, to the extent such can be inferred from your contact information or from your Internet or other Network Activity or if you enable your device to send us location information.
- Payment Information, including credit or debit card numbers or other financial account information.
- Commercial Information, including information about your organization, the products and Services we provide to you, your access and purchase history with us, and your preferences regarding products and related Services which are of interest to you.
- Professional and Employment-Related Information, including your role or status with the organization with which you are affiliated.
- Information You Provide, including your communications with us and any other content you provide (such as if you report a problem with our Sites and Apps or you participate in any blog, community, or forum on our Sites).
- Audio and Visual Information, including photographs, images, videos, and recordings of your voice (such as when we record calls or videos for quality assurance or other business activities).
- Inferences drawn from or created based on any of the information identified above.
How we use personal information. Subject to your consent if required by applicable law, we may use personal information about you for the following business and commercial purposes:
- To provide our Services to you
- Create, maintain or provide service for your account
- Process or fulfill requests from you
- Respond to customer service requests from you
- Verify your information
- Process payments
- To conduct our operations and for other general business purposes
- To conduct audits and enable internal record keeping and administration of records
- Undertake activities to maintain the quality, safety or integrity of the Services and to repair, improve, upgrade, or enhance our Services
- Maintain data security, including protecting against, detecting, and responding to security incidents or malicious, deceptive, fraudulent, or illegal activity
- Monitor our Sites, including gathering usage data and other analytic information and to track information about our interactions with you
- For direct marketing purposes subject to your consent if required by applicable law
- Other uses that are required for us to meet our legal, contractual or regulatory requirements
Sources of personal information. The categories of sources from whom we collect personal information are as follows:
- Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, register for a conference with us, use our Services, or communicate with us. For example, if you register for an online account with us, then we may request your name, contact information and payment information. Providing us with personal information is voluntary, and you can always choose not to provide certain information, but then you may not be able to take advantage of or participate in some of the Services' features.
- Information collected from third parties: We may collect information about you from third parties in the course of providing our Services. For example, we may collect personal information like your name and contact information from the institution with which you are employed to provide the Services.
- Information collected through technology: When you visit our Sites or Apps or interact with an email we send to you, we may collect certain information automatically such as your account or device identifier, and usage information such as pages that you visit, information about links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services. You have the ability to express your preference regarding some of the ways we collect information through technology in some of our Services (see “Cookies and Other Tracking Technologies” for more information). We may collect geolocation information in the Apps for the purpose of enabling location-based Services.
Our legal basis for processing personal information. Our legal basis for using personal information about you includes (1) performance of a contract so you and your end users can use the Services, (2) our legitimate interests which include to improve our Sites and Services, better engage with you, prevent fraud, and secure our Sites, (3) to comply with a legal obligation (to keep information we are required to keep such as payment information) and (4) with your consent when required by applicable law, such as, for example, if we are sending you marketing communications.
Our business purpose for processing personal information. Our primary business purpose for processing personal information about you is to provide the Services consistent with the contract terms between us and our Customer. We may also use personal information about you to enable the following additional business purposes: (1) detecting and managing security incidents or fraudulent activity, (2) providing customer service, fulfilling requests, and other functions directly related to the Services, (3) maintaining our software including debugging and repairing errors, (4) providing advertising and marketing services, and (5) maintaining the quality of the Services and developing enhancements and improvements to meet our customer needs.
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate personal information so that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may disclose anonymized or aggregated data to our parents, subsidiaries, affiliates or with other third parties. This Notice does not restrict TouchNet’s use or disclosure of any anonymized or aggregated information.
Except as otherwise specified, we may disclose any of the categories of personal information about you in the manner and for the purposes described below:
- With TouchNet affiliates where such disclosure is necessary to provide you with our Services or to manage our business.
- With third-party service providers. For example, we disclose personal information to information technology (IT) service providers who help manage our back office systems or administer our Sites and Apps.
- With third-party service providers who provide services to us, including (without limitation) legal, accounting, audit, consulting, marketing and other professional service providers, and providers of other services related to our business.
- With our Customer with whom you also have a relationship (i.e. as an employee of our Customer) when you use the Services.
- With banks and payment providers to authorize and complete card payments.
- With logistics service providers to enable the delivery of packages to individuals.
- With advertisers and analytics providers in order to help us measure our ad campaigns and better understand how individuals interact with our Sites and Apps.
- With other third parties to whom you direct us to disclose defined categories of personal information about you.
- To third parties in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our assets or stock (including in connection with any bankruptcy or similar proceedings).
We operate and have affiliate companies that are located around the globe. Subject to your consent if required by applicable law, we may appoint an affiliate company to process personal information in a service provider role. This means that personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
We will take appropriate steps to transfer personal information in accordance with applicable law, such as transferring personal information to countries that are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
We retain the personal information we collect for different periods of time depending on what it is and how we use it. In some contexts, we will provide additional information about retention as you use the Services. When we collect personal information, we will retain it only for as long as is necessary to complete the legitimate business or legal purposes for which we collected it. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide Services to you, for example, for as long as you have an account with us or continue to use our Services, and the length of time thereafter during which we may have a legitimate need to reference personal information to address issues that may arise;
- Whether there is a contractual obligation to which we are subject, for example, our contracts with our Customer may specify a certain period of time during which we are required to maintain the information related to that Customer;
- Whether there is a legal obligation to which we are subject, for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them; and
- Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation or regulatory investigations.
A “cookie” is a text file that is stored to your browser when you visit a website.
Unique device identifiers like IP address or UDID recognize a visitor’s computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of “remembering” computers or other devices used to access the Sites and Apps. We also gather statistical information about the use of our services in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding them.
We may also use other technologies like pixels or tags that allow us to measure responses to our email communications.
Cookies can be classified by duration and by source:
- Duration. The Sites use both “session” and “persistent” cookies. Session cookies are temporary; they terminate when you close your browser or otherwise end your “active” browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for “How to Delete or Block Cookies and Other Tracking Technologies”).
- Source. Cookies can be “first-party” or “third-party” cookies, which means that they are either issued by or on behalf of TouchNet or by a third-party operator of another website. For an example of a third-party cookie, our Sites may contain a Facebook “like” button, which would set a cookie that can be read by Facebook. Our Sites may use both first-party and third-party cookies.
The cookies that we may use fall into the following categories:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Sites. They help us to know which pages are the most and least popular and see how visitors move around the Sites. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our Site, and will not be able to monitor its performance.
- Functional Cookies. These cookies enable the Sites to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly.
- Targeting Cookies. These cookies may be set through our Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
TouchNet may provide links on our Sites and Apps to third-party websites and services that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such third-party websites or services or regarding the products and services they offer.
We encourage our users to be aware when they leave our Sites and Apps. You should read any other applicable privacy and cookies notices carefully before accessing and using third-party websites and services.
The Sites, Apps, and Services are not directed to children or intended for use by children. We do not solicit or knowingly accept any personal information from persons under the age of 16. Please do not use the Sites, Apps, or Services if you are under the age of 16.
Depending on how you interact with our Sites, Apps, or Services, you may have the right to:
- Know whether we process personal information about you;
- Know how the personal information is used;
- Access, request and receive the personal information we have collected in a portable manner;
- Opt out of having personal information sold, “shared”;
- Request that we correct inaccuracies in personal information about you; and
- Request that we delete personal information about you.
You may contact us using the information in the “Contact Us” section of this Notice for additional information about how to exercise your rights. In addition, if you are a resident of California, the European Union, the United Kingdom, Quebec, Australia, or other jurisdiction with similar laws, please see the “Region-Specific Information” section below for further details on how to exercise your privacy rights.
We reserve the right, in our sole discretion, to modify, update, or otherwise change this Notice. The “Last Updated” legend at the top of this Notice indicates when this Notice was last revised. Any changes will become effective when we post the revised Notice on our Services, including our Sites and Apps.
If you have questions about this Notice, or if you want to exercise your rights as described in this Notice, you can submit a request by completing this form or may contact TouchNet as follows:
TouchNet Information Systems, Inc
Attention: Privacy Office
9801 Renner Blvd., Ste. 150
Lenexa, Kansas 66219 USA
Email: [email protected]
If you make a request to exercise a privacy right, we will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may decline to honor your request where an exception applies. In order to honor any access, deletion, or similar request, we will require you to provide enough information for us to verify your identity. For example, we may ask you for information associated with your account, including your contact information or other identifying information. If you would like your agent to make a request on your behalf, if permitted under applicable law, the agent may exercise those rights as noted above. We will process the agent’s request consistent with applicable law. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in this section or confirm that you provided the agent permission to submit the request.
Information for European Union and United Kingdom Residents
To the extent that the Sites or Apps with which you are interacting is directed at United Kingdom or European Union residents, this section of the Notice applies to you.
You have specific rights with regard to the processing of your personal data. When TouchNet acts as a business for the purpose of processing your personal data you can contact us using the information provided in the “Contact Us” section of this Notice with regard to the following rights. You may also contact our Data Protection Officer at [email protected].
What does this mean?
Right to be informed
You have the right to be provided with clear and easy-to-understand information about how we use your personal information. This is why we are providing you this Notice and we may provide other forms of notice, as appropriate or required by law, in the Services.
Right to access personal information
You have the right to access and receive a copy of personal information we hold about you.
Right to data portability
In some circumstances, you have the right to receive the personal information you request from us in a format that is user-friendly and enables you to transfer it to another provider.
Right to rectification
You have the right to correct or update your personal information if it is outdated, incorrect or incomplete.
Right of erasure ("right to be forgotten")
In some circumstances, you have the right to have your personal information erased or deleted.
Right to restrict/suspend processing of personal information
You may object to processing of personal information that is based on legitimate interest. You may withdraw consent for processing that is based on consent (this includes the right to opt out of direct marketing).
Right to information about information transfers
You have the right to obtain a copy of documents related to the safeguards under which your personal information is transferred outside the EU.
Right to complain to a supervisory authority
You have the right to contact the data protection authority in your country to complain about our data protection and privacy practices.
Information for Residents of California and Other Similar Jurisdictions
This section supplements the above Notice and further describes how we collect, use, and disclose the personal information we collect about residents of California and other similar jurisdictions.
Categories of Personal Information We Collect and Our Purposes for Collection, Use and Disclosure
The following chart details which categories of personal information we collect and process, as well as which categories of personal information we disclose to third parties for our operational business purposes, including within the preceding 12 months.
Categories of Personal Information (See the “Personal Information We Collect and How We Use It” section for a description of each category of Personal Information)
Disclosed to Which Categories of Third Parties for Operational Business Purposes
Basic Identifying Information; Device Information and Other Unique Identifiers; Internet or Other Network Activity; Commercial Information; Professional and Employment-Related Information; Information You Provide; Inferences
Please see the “How We Disclose Personal Information” section for a list of the categories of third parties to whom we may disclose these categories of personal information.
Please see the “Personal Information We Collect and How We Use It” section for a list and description of the applicable processing purposes for these categories of personal information.
Affiliates; distributors of our products and Services; service providers; third parties with whom you have a relationship; regulators; legal authorities and other third parties in order to comply with laws, regulations, and standards; other parties in litigation
Affiliates; distributors of our products and Services; service providers; marketing partners; legal authorities and other third parties in order to comply with laws, regulations, and standards; other parties in litigation;
Affiliates; third parties with whom you have a relationship; regulators; legal authorities and other third parties in order to comply with laws, regulations, and standards
Audio and Visual Information
Affiliates; distributors of our products and Services; service providers; regulators; legal authorities and other third parties in order to comply with laws, regulations, and standards; other parties in litigation
Unless otherwise disclosed in a specific notice, and subject to your consent where required by applicable law, we do not sell your personal information to third parties for monetary compensation. We do not knowingly sell or “share” (for purposes of cross-context behavioral advertising) the personal information, including the sensitive personal information, of minors under 16 years of age.
Collection, Use, and Disclosure of Sensitive Personal Information
Subject to your consent where required by applicable law, we collect, process, and disclose sensitive personal information for purposes of: providing goods or services as requested; ensuring safety, security, and integrity; countering wrongful or unlawful actions; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing analytic services, providing storage, or providing similar services on behalf of our business; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal information beyond these purposes.
Rights and Requests
Right to know about personal information collected, used, disclosed, sold, and “shared”
You have the right to know whether we process personal information about you, and to access such personal information. If you are a California resident, you may also request that we disclose to you:
Right to receive a copy of personal information
You have the right to request that we provide the specific pieces of personal information, including a copy of such personal information in a portable format.
Right to opt-out of the sale of personal information
You may request that we do not sell personal information about you to third parties.
Right to opt-out of targeted advertising, including the “sharing” of personal information for cross-context behavioral advertising
You may request that we opt you out of targeted advertising, including that we stop “sharing” personal information about you for purposes of cross-context behavioral advertising. See the “Do Not Sell or Share My Personal Information” section for more information on opting out of certain cookies on the Sites and Apps.
Right to request deletion
In some circumstances, you have the right to have personal information about you deleted.
Right to equal service and prices (“non-discrimination”)
Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in services offered or pricing
Right to request correction
You have the right to request that we correct inaccuracies in personal information about you.
Right to limit the use and disclosure of sensitive personal information
In some circumstances, you may request that we limit the use and disclosure of your sensitive personal information.
Right to appeal
Depending on your state of residence, if we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. To appeal, you can contact us at [email protected] or complete this form and select “Appeal a decision about a previous request” under “Type of Request.”
You can submit a request for any of the above rights by using the contact information in the “Contact Us” section of this Notice.
California Shine the Light
If you are a resident of California, you may request information concerning the categories of personal information (if any) we share with third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us using the information provided in the “Contact Us” section of this Notice.
Information for Residents of Quebec
Cross-Border Transfers of Personal Information
If you are a resident of Quebec and we collect personal information about you in Quebec, that information will be communicated outside of Quebec to other locations in Canada, the United States and other places where we or our service providers process your information, for the purposes described above.
We maintain a governance program for the protection of personal information that we collect. The program includes policies and procedures designed to help us comply with this Notice. This program requires employees to protect the confidentiality of personal information that we handle through the lifecycle of that personal information. The program includes an employee code of conduct, breach reporting procedures, data retention and destruction policies, employee training, and procedures for addressing complaints and providing individuals with access to their personal information in accordance with this Notice.
TouchNet has established controls and mechanisms to protect data at each stage of the data lifecycle, from collection or creation, through to disposal.
Data Subject Rights
De-indexation Right or Right to Erasure
You have the right to request that we delete the personal information that we collected from you and retained, subject to certain exceptions. For example, we may deny your deletion request if retaining your information is necessary for us to be able to recover payment, detect security incidents, or protect against illegal activity.
Cessation of Dissemination
You have the right to request that we cease disseminating your personal information if the dissemination is contrary to the law or a court order, or in certain other circumstances.
Right to Data Portability
You have the right to receive computerized personal information that you have provided directly to us, for example, through opening an account, in a commonly-used and machine-readable format. You have this right so that you may transmit your information to another organization without hindrance.
Information for Residents of Australia
Under the Privacy Act 1988 (Cth) (the “Australia Act”), you have the right to (i) request access to your personal information; (ii) request the correction of your personal information; and (iii) complain about a breach by us of the Australian Privacy Principles (APPs) (in Schedule 1 of the Australia Act) or any binding registered APP Code. We will handle any complaints or requests for access to or correction of personal information in accordance with our obligations under the Australia Act. All complaints are taken seriously and will be assessed by appropriate personnel with the aim of resolving any issue in a timely and efficient manner and in accordance with the Australia Act.