Last update: November 9, 2016. This update replaces references to the US-EU Safe Harbor in Section 6 with a reference to the model clauses. It also updates the list of cookies in Appendix 1.
- Information Collected
- Use and Sharing of Information Obtained by WePay
- Terms that Apply to Information if You Are a Merchant or Platform
- Information Security
- International Transfers
- Your Privacy Choices
Platforms provide the WePay Services to their end users ("Users" or "you") by integrating with the WePay application programming interface ("API"), which also enables the Platform and WePay to share User information.
Platform Privacy Policies
The Services are not intended for children. We ask that minors (persons under the age of 18) do not submit any personal data to us or use the Services.
WePay collects three types of information: information that Users intentionally provide to WePay or the Platform, information about Users that third parties provide to WePay or the Platform to augment or verify that information, and information automatically provided by Users as they interact with the WePay Website or Platform website. In general, you can browse the Website without telling us who you are or revealing any personal data about yourself. Automatically provided information that uniquely identifies a device or browser is not personal data unless it can be reasonably associated with or linked to a particular User. Once you give your personal data, you are not anonymous to us. If you use our Services, we will require you to provide certain personal data to enable us to provide the Services to you.
User Provided Information
Users either accept payments as "Merchants" or make payments as "Payers." A Merchant must provide the Merchant's name, email address, a self-selected password, street address, merchant category code, date of birth (if a natural person), and bank account information to register for a WePay account and access the Services. A Merchant may provide additional information, such as telephone number, tax identification number, or a link to its website or social media account, in order to accelerate account activation and qualify for faster disbursement of funds.
WePay may also require other commercial and/or identification information if Users send or receive certain high-value transactions or high overall payment volumes through the Services or as is otherwise required in order for WePay to comply with its anti-money laundering obligations under European law.
A Payer who is paying with a credit or debit card must provide the Payer's name, card number, expiration date, CVV code, street address, country, and postcode. A Payer who is paying by BACS or EFT must provide the Payer's name and bank account information. If a Payer registers for a WePay account, they will need to provide additional information, including email address and a self-selected password.
Merchants or Payers may voluntarily provide additional information to WePay or the Platform, for example, when seeking customer support or in response to surveys or other inquiries.
Third-Party Provided Information
WePay or the Platform may obtain information about Users from third parties, such as identity verification services, credit reference and fraud reference agencies and credit reporting services, in order to:
- Verify the validity of information provided by Users;
- Assess the financial stability, creditworthiness and underlying riskiness of a Merchant’s business; and
- Undertake checks for the prevention and detection of fraud and/or money laundering.
For example, if you use a credit or debit card with the Services, we may use authorization and fraud screening services to verify the credit or debit card information and address match the information you provide to WePay and that the credit or debit card has not been reported as lost or stolen.
WePay or the Platform also reserve the right to conduct background checks about Users (and their businesses where appropriate) from a credit reference agency or fraud agency. WePay or the Platform, at its sole discretion, reserves the right to periodically review and retrieve a business and/or consumer credit report supplied by such credit reference or fraud agency for any WePay User. WePay or the Platform reserves the right to deny a User use of the Services or close a WePay account based on information obtained during this credit review process.
If you are a Merchant, WePay or the Platform may also collect additional publicly available information about your business and your behavior from social media networks like Twitter, Facebook, Google Plus or LinkedIn (such as the number of "likes", "connections" and "followers"), to the extent relevant to verify the information you provide and the other purposes identified in this section.
The Platform may also provide WePay with additional information, such as the User's transactional history on the Platform.
If WePay cannot verify the information you provide, WePay may ask you to upload or send additional information (such as a credit card statement, tax document, and/or a recent utility bill or other information linking you to the applicable address), or to answer additional questions online to verify your information.
Data Sharing and Our Services
In order to facilitate transactions between WePay Users, the WePay Services allow limited sharing of personal data between WePay, Users and the Platform.
Automatically Provided Information
WePay or the Platform may automatically record certain information about or related to your use of the Services and the Platform that is made available through your computer. Three such technologies are described below.
Cookies and Other Tracking Technologies – WePay or the Platform may collect certain information from a User's browser using small data files called "cookies" and other software tracking technologies like clear gifs or web beacons to help provide Users with a better, faster and safer experience. Our policy with respect to cookies and such tracking technologies is summarized below.
What is a cookie?
"Cookies" are small data files stored on your hard drive by a website that may collect personal data about you. Cookies send data back to the originating website on each subsequent visit, or shares data with another website that recognizes that cookie.
Cookies are useful because they allow a website to recognize a user's device. They do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience.
Cookies do not typically identify you as an individual, just the device you are using. For further information on cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit http://www.allaboutcookies.org
For more information about removing or rejecting cookies, please see "Your Privacy Choices" below.
What cookies do we use?
Below we have provided a list of the categories of cookies found on our Services, and a description of what those cookies do. Please check back here periodically as we may update this information from time to time:
Essential Cookies: We use a number of cookies which are essential to the operation of our Website and the Services. For example, these types of cookies enable you to log into secure areas of the Services and provide the necessary security when you access our Website or Service. Without these cookies, the Services that you have asked for cannot be provided. We want you to understand these essential cookies, and why we use them, but we don't need to get your consent to use them on our Services as we use these cookies only to provide you with services that you have requested.
Functionality Cookies: These cookies allow our Services to remember choices you make, such as: remembering your username, preferences and settings; remembering if you've used any of our Services before; remembering your location; and enabling social media components like Facebook or Twitter. The aim of these cookies is to provide you with a more personal experience so that you don't have to reset your preferences each time you use our Services. As described below, you may disable any of these functional cookies; but if you do so, then various functions of our Services may be unavailable to you or may not work the way you want them to.
Analytical Cookies: These cookies collect information about how you and other visitors use and interact with our Services, for instance which pages are visited most often. These cookies helps us improve the way Website and Services work and provide a better, personalized user experience.
Advertising Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We (and third-party advertising platforms or networks) may use this information to make our websites, content, and advertisements displayed on them more relevant to your interests (this is sometimes called "behavioral" or "targeted" advertising). These types of cookies are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns.
Some of the cookies we commonly use are listed in our cookies chart in Appendix 1 below. This list is not exhaustive, but it is intended to illustrate primary reasons for certain types of cookies set by WePay and third parties on our Website and through our Services. Third parties may also set certain cookies on your device when you use our Services. In some cases, the third party has been hired to provide certain services on WePay's behalf (e.g., website analytics). When your browser connects to those third parties' web servers to retrieve content, those third parties may set and use their own cookies on your device.
How long do cookies stay on my device?
Some cookies operate from the time you visit the Website or to the end of that particular web-browsing session. These cookies expire and are automatically deleted when you close your internet browser. These cookies are called "session" cookies.
WePay or the Platform may use session cookies to help recognize a User who visits multiple website pages during the same session, so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.
Some cookies will stay on your device between browsing sessions -- they do not expire when you close your browser. These cookies are called "persistent" cookies. The length of time a persistent cookie stays on your device varies from cookie to cookie.
WePay or the Platform may also use persistent cookies to collect, store, and track information. For example, WePay uses a persistent cookie to store a User’s choice not to be challenged with second factor authentication on the same browser for 30 days. We encode our cookies so that only we can interpret the information stored in them.
Third Party Cookies
Web beacons and other tracking technologies - WePay or the Platform may also collect information via clear gifs or web beacons (also known as "tracking pixels") that helps us better manage content on the WePay Website or Platform website, and in WePay or Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a User's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.
We collect and store certain information about you. This information may be provided directly by you, a platform partner, or WePay may collect it based on your use of the Website.
WePay uses User information (including personal data) primarily in order to develop, operate, support, maintain, enhance and provide the Services. WePay uses User information to process payment transactions; to provide receipts and reports; to resolve disputes, collect fees, and troubleshoot problems; to customize, measure, and improve the Services; and to enforce our Terms of Service with Users and Platforms.
WePay also uses User information to detect and prevent fraud and other potentially illegal activities. WePay may combine User information with information from other sources using proprietary algorithms to calculate a measure of the risk that a particular User or transaction is fraudulent ("Risk Score").
WePay uses User information for our administrative and operational purposes. WePay or the Platform may notify you of changes in the Services, or may solicit your feedback, or may conduct market research, or may, where you have agreed, send you promotional materials. For more information about how to change your preferences and to unsubscribe from receiving promotional materials, please refer to “Your Privacy Choices" below.
Sharing of Information with Third Parties
A WePay Risk Score is not personal data, and WePay may share it (and other similar information generated by WePay) with Platforms or other third parties. WePay claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. WePay may use, disclose, or sell Risk Scores in WePay's sole discretion.
WePay may share User information (including personal data) with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when WePay believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect WePay's property or legal rights (including, but not limited to, enforcement of WePay's Terms of Service and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.
WePay may host, process, and store Users’ personal data in the United States and other countries through WePay and third parties that we use to operate and manage our Services. Whenever we process personal information outside of the European Economic Area (“EEA”) on behalf of Users located in the EEA or Switzerland, we will continue to afford it adequate protection in accordance with the requirements of the European Data Protection Directive 95/46/EC.
We will share personal data with third parties only to best provide WePay's services and in special situations, such as legal investigations and merger. We may also share non-personally identifiable information with third parties that help us prevent fraud and analyze website activity.
If you are a Merchant or Platform, you agree that with respect to Users’ personal data that you obtain or receive from WePay through or in connection with the Services or a WePay-facilitated transaction, you will:
- only use this information for: (a) WePay related communications that are non-unsolicited commercial messages; (b) ancillary actions in relation to the WePay payments or transactions for which WePay has been used; and (c) any other purpose that the other User consents to after adequate disclosure of the purpose(s);
- promptly comply with any request from WePay requiring you to amend, transfer or delete the personal data;
- process the personal data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments;
- not transfer such personal data outside the EEA without the prior written consent of WePay;
- take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against the accidental loss or destruction of, or damage to, such personal data; and
- promptly inform WePay if any such personal data is lost or destroyed or becomes damaged, corrupted, or unusable.
If, as a Merchant or Platform, you receive any complaint, notice or communication which relates directly or indirectly to the processing of any such personal data or to either party's compliance with any applicable data protection or data privacy laws or regulations, you shall immediately notify WePay and provide WePay with full co-operation and assistance in relation to any such complaint, notice or communication.
If you are a Merchant or Platform, to the extent you are collecting and transferring any User’s personal data on behalf of or to WePay to enable WePay to provide the Services, you will ensure that:
If you are a Merchant or Platform, you will have certain responsibilities in relation to the personally identifiable User information that you receive from WePay when using the Services.
WePay has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction. WePay uses computer safeguards such as firewalls and data encryption, and authorizes access to personal data only for those employees, contractors, and agents who require it to fulfill their job responsibilities.
WePay takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss. WePay encrypts such information and transmits it under Secure Socket Layer (SSL).
WePay has taken a number of steps in order to become an extremely secure service.
In relation to transfers of User information from WePay Payments Ltd. (in the UK) to WePay, Inc. (in the United States), WePay has put in place measures, including standard model clauses, to ensure an adequate level of protection for the rights and freedoms of individuals in relation to the processing of their personal data, as required by European data protection laws.
When WePay stores data on servers in the United States or other jurisdictions, that data is subject to the laws of those jurisdictions.
You have the right to ask us not to process your personal data for marketing or promotional purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You may also opt out of receiving promotional emails or text messages from WePay by clicking the "unsubscribe" link in the email or by emailing firstname.lastname@example.org. If you opt out, we may still send you non-promotional emails, such as emails about your account or our on-going relations.
There are a number of ways you can manage what Analytics and Functionality cookies are set on your devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the website may not be accessible to you and/or the performance, features, or services of the website may be compromised.
The following links provide information on how to modify the cookies settings on some popular browsers:
- Apple Safari http://support.apple.com/kb/PH5042
- Google Chrome https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
- Microsoft Internet Explorer http://windows.microsoft.com/en-US/windows7/How-to-manage-cookies-in-Internet-Explorer-9
- Mozilla Firefox http://support.mozilla.org/en-US/kb/Cookies
Your Privacy Rights
You can update or delete certain User information through WePay or the Platform. WePay reserves the right to keep copies of User information for so long as is reasonably necessary backups, analytics, or to fulfill legal obligations.
You have the right to access information held about you. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. You also have the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge.
Appendix 1 – Cookies and Purpose
Essential cookies: These cookies are necessary in order for you to move around WePay.com and use the Website:
|wepay||Logged-out session cookie|
|session||A unique session identifier|
|wepay-session-uld||User logged-in cookie. Removed on logout|
|SERVERID||Marketing website (haproxy/routing)|
|Incap_ses_####, visid_incap_####||Marketing website (Incapsula)|
|sso_user||For single sign-on|
Functionality: Functionality cookies record information about choices you’ve made and allow us to tailor the Website to you.
|wepay-device-uld||Device token (for MFA)|
|https://vimeo.com/cookie_list||To provide streaming services from Vimeo|
Analytical: We use analytical cookies to help us understand how users interact with our Website and to provide a better user experience for you.
|_ga,_gat||To obtain information about users' online activities from Google Analytics|
|To provide support services from Zendesk|
|bucket, iframe_bucket||AB testing new user flows|
|_mktotrk||To enable marketing services from Marketo|
|_session_id||To understand traffic interaction between G2Crowd review pages and the Website|
Advertising: We use advertising cookies to collect information to target our advertisements to you.
|_adroll||To provide targeted advertisting services from AdRoll|