Last Modified: 01/24/2022
Any entity accessing the Sites or Services (“you”) represents and warrants that you accept the data practices and terms described in this Policy and as applicable, the ASF US Terms Of Service and Canadian Terms of Service. If you do not agree with this Policy, please discontinue your use of the Sites and Services immediately.
CHANGES TO THIS POLICY:
We may revise this Policy from time to time and without prior notice to you. Except as otherwise noted in this Policy, such changes may apply to any personal information we already hold about you or personal information collected after the Policy is modified. Changes will be posted on this page and are effective as of the “Last Modified” date at the top of this Policy. Please visit this page regularly so that you are aware of our latest updates. Continuing to access or use this Sites or Services after any changes become effective indicates your acceptance of the revised Policy.
In addition, we may provide you with “just-in-time” disclosures or additional information about the data processing practices of specific parts of our Sites or Services. Such notices may supplement this Policy or provide you with additional choices about how we process your personal information.
OUR RELATIONSHIP TO YOU:
To understand ASF’s data protection obligations and your rights to your Personal Data under this Policy, it is important that you identify which relationship(s) you have with ASF.
“Owners” refers to the registered users of the ASF Services, including Owners with both paid and free or trial accounts. ASF has a “data controller” or direct relationship with Owners using and accessing the Sites and Services with regard to their own Personal Data. (Authorized users of an Owner’s ASF paid, free, and/or demo account are collectively and individually referred to as “Owners.”)
“Members” refers to individuals doing business with an Owner utilizing ASF Services whether your data was entered by the Owner or whether you enter it on a form hosted by ASF on behalf of an Owner. ASF has a “data processor” relationship with any Member and will collect your Personal Information solely on behalf of an Owner. Your agreement with the relevant Owner should explain how the Owner shares your Personal Information with ASF and other third parties, and if you have questions about this sharing, then you should direct those questions to the Owner.
“Visitors” refers to any individual accessing the Sites as well as to any individual submitting Personal Data via the Sites for any reason including, but not limited to submitting a “contact us” or other online inquiry form, subscribing to a newsletter or blog, registering for a demo or webinar, or completing an online survey. ASF has a “data controller” or direct relationship with all Visitors accessing or submitting Personal Data via the Sites for any reason.
This Policy does not apply to information processed by third parties, for example, when you visit a third-party website or interact with third party services including those you may access by following a link from the Sites or Services or those with whom we may share information as set forth in this Policy. Please review any third parties’ privacy policies before disclosing information to them.
“Personal Data” means any information about an identified or identifiable individual and any device information that may be linked with an identifiable individual. We collect and process the following types of information. Note: Specific Personal Data elements listed in example are provided for example only and may change. We may create anonymous records from Personal Data for certain business purposes of ASF and its Affiliates as defined below. Any information that is anonymized or aggregated is no longer Personal Data and we may indefinitely use it, share it and retain it for any reason.
“Contact Data”: Personal Data about you used to contact you. For example: your name, company name, title, email address, physical address, phone number, username.
“Profile Data”: Personal Data related to an Owner user account on our Services. For example: business name, phone number, e-mail address, website, physical address and basic business and industry information, employer, colleague names, username, password, credit card and bank account information.
“Owner Data”: Personal Data of an Owner related to you and your business used for account configuration and providing the Services. For example: your social security number (we may use the last 4 digits provided to obtain and store the full social security number), driver’s license state and number, Employer Identification Number (Tax ID), employee names and contact information.
“Member Data”: Consumer Personal Data of an Owner’s Members (end customers) utilized by ASF on behalf of the Owner to provide services to an Owner’s Members. For example: customer name, customer phone number, customer postal address, customer email address, services a customer utilized, session or appointment details, credit card and bank account numbers, user IDs and passwords, customer testimonials or other social media reviews, contract documents, and uploaded files and images. Member Data may be entered by Owners utilizing our Services or by Members using our Member Services to do business with Owners on websites we host on behalf of those Owners.
NOTE: Owners entering or importing Member Data into our systems via the Services, acknowledge that ASF is acting as a data processor providing services to you. You represent and warrant that you have the requisite authority to provide such Member Data to us, and that the disclosure does not violate any applicable law or regulation, including but not limited to the Payment Card Industry Data Security Standard (PCI DSS), the California Consumer Privacy Act of 2018 (“CCPA”), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the EU General Data Protection Regulation (GDPR) or the UK General Data Protection Regulation (UK GDPR).
“Order & Invoice Data”: Any data included in an order or invoice created, transmitted, and/or stored via the Services, including any data entered by Members via the Member Services. For example: services utilized, subscriptions or items purchased, amounts due or overdue, contact information, and any data entered in a free-form or custom field.
“Transaction Data”: When Members use our Member Services to submit a payment, authorize a recurring payment plan or schedule, or otherwise make a purchase from an Owner, we collect information necessary to process that transaction, that may include your name, address, zip/postal code, email address, phone number, credit card or financial account number, IP address, and any other information necessary to process or authenticate the transaction. We securely store credit card and bank account information you enter via the Member Services so that it may be used for authorized future one-time transactions or to discharge automated payments as part of recurring payment schedules and plans. Furthermore, we may collect information about you and your purchase, as well as any Personal Information or demographic data that you provide at the time of purchase, including (without limitation) your email address, contact information, and other information related to the products/services purchased. Transaction Data is also collected when Owners use the Services to collect payments and enter recurring payment plans and schedules for their Members.
“Billing Data”: When Owners subscribe to a plan for our Services we collect information about your or your business’ payment methods, such as credit or debit card numbers, bank account numbers, and billing address.
“Support & Inquiry Data”: We collect information that you provide to us, such as when you create an account, submit a support ticket, engage in an online chat, email or call our sales or service team, when you comment to a blog, or when you email, call, write, fax or otherwise initiate contact with ASF regarding our Sites and/or Services. We record your contact information and support & inquiry details in our customer relationship management system and support ticketing system.
“Device Data”: When you download and use a Mobile App we may collect certain information automatically, such as the type of mobile device you use, your unique device ID, the IP address of your mobile device, your mobile phone number, your mobile operating system, the type of mobile internet browsers you use, geolocation information and information about the way you use the Mobile App.
“Performance & Log Data”: Information created by your use of our Sites and Services. For example: your IP address, browser type, operating system, command line information, diagnostic information related to the Sites and Services (i.e. crash activity reports), the referring webpage, pages visited, date, your geo-location, your mobile carrier, your device and application IDs and search terms. Note that Depending on the law of your country of residence, your IP address may legally be considered personally identifiable information.
“Cookies”: A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information about you, similar to a preference file created by a software application. In some cases, Cookies and similar automated data collection technologies may be used to collect personal information, or information that becomes personal information if we combine it with other information.
“Other Data”: Any other information that an individual provides to us. For example: survey responses, blog comments, or other communication submitted to ASF.
COLLECTION AND PROCESSING:
We collect your Personal Data through our Sites and Services. Our Sites are public, any information that is disclosed on our Sites may appear on search engines, or other publicly available platforms and may be “crawled,” searched and used by unaffiliated third parties. Please do not post any information that you do not want to reveal publicly.
Providing the Services: We process your Personal Data when you sign up for and use our Services with a free or paid account. For example, we use Contact Data, Profile Data, and Owner Data to configure your account and your user credentials, and to communicate with you as it relates to your use of the Services. We use Member Data and Order & Invoice Data to enable Owners to utilize the Services and manage member relationships and to enable Members to do business with Owners via the Services. We may share this Contact Data, Profile Data, Owner Data, Member Data, and Order & Invoice Data with our service providers and partners to the extent necessary to provide you with the Services.
Qualification and Ongoing Diligence: We use Diligence Data collected via registration for a paid account and/or ASF merchant account to verify your identity, perform a credit check and qualify you to use ASF payment processing and other Services, and to confirm your ongoing eligibility to utilize ASF payment processing and other Services. We may provide this information to our service providers for them to utilize as part of the process of underwriting you for a payment processing merchant account and establishing your continued eligibility for an ASF payment processing account.
Transaction, Order, and Invoice Processing: We use Member Data, Transaction Data and Order & Invoice Data to process transactions, orders, and invoices on behalf of Owners, including those placed through the Member Services. Member Data and Order & Invoice Data may be used to communicate with a Member on behalf of an Owner regarding a transaction, order, or invoice.
Payment Processing: We use Owner Billing Data to collect fees associated with the Services as applicable. We use vaulted credit card and bank account numbers to process authorized one-time transactions and to automatically process payments as part of recurring subscription payment schedules.
Customer Service: When you contact us through the Sites or Services, including submitting a “contact us” “request a demo” or other online inquiry form, subscribing to a newsletter or blog, entering a contest, registering for a demo or webinar, completing an online survey or any other means, we may record your Contact Data in our customer relationship management system and use your Personal Data to respond to you. If you provide a mobile phone number to us, you are explicitly granting us permission to send text messages to that number to respond to your request and to contact you at that number via an auto-dialer, which we may do at our discretion.
Marketing: We may use your Personal Data to keep you updated about our products and services and send you promotional material about ASF and as permitted by applicable law, on behalf of our parent company, affiliates subsidiaries, joint ventures, or other companies under common control with us (collectively, “Affiliates”) and partner companies. Promotional materials may include marketing communications, online surveys, notifications regarding our events and webinars and those of our Affiliates and partners. If you provide a mobile phone number to us, you are explicitly granting us permission to send text messages, recorded messages, and/or use an auto-dialer to contact that number for marketing and promotional purposes, which we may do at our discretion. You may opt-out of our marketing communications at any time.
Site Experience: We may use Profile Data and Device Data to tailor your experience on the Sites, provide content that we think might be of interest, and to display content according to your stated preferences.
Cookies & Similar Tech: When you access the Sites or Services or open one of our HTML emails, we may automatically record Performance & Log Data and Device Data by using Cookies, web beacons, pixel tags, click-stream tracking and similar automated data collection technologies. We use this Personal Data for essential and functional purposes including for site administration, to improve the performance and usability of the Sites and Services and analyze how users interact with the Sites and Services. On certain portions of our Sites and Services, we may collect Personal Data through these technologies for advertising, remarketing or other similar purposes.
Security & Enforcement: We process your Personal Data to enhance the security of our Sites and Services and to combat spam, malware or other security risks. This may include monitoring your activities on our Sites and/or Services. Without processing your Personal Data for such purposes, we may not be able to ensure the security of our Sites and Services. We may also process Personal Data to monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities or violations of our services and agreements with you. We may use your Personal Data to enforce agreements with third parties and collect fees based on your use of our Services.
Additional Processing: If we process Personal Data in connection with your use of the Sites and Services in a way not described in this Policy, this Policy will still apply generally (e.g., with respect to Your Rights and Choices) unless otherwise stated when you provide it.
Information we collect may be shared with a variety of parties depending upon the purpose for and context in which that information was provided. In all cases where we share Personal Data with third parties, we will use a “minimum necessary” standard to disclose only that information required for satisfying the purpose of or performing the service for which the information is disclosed. We generally transfer Personal Data in the following ways:
Consent: We will share your Personal Data in accordance with your consent for us to do so.
Owners: When Members make a purchase from an Owner using our Member Services, we may share Personal Data with that Owner except where that disclosure is prohibited by law, regulation or other obligations.
Service Providers: In connection with our general business operations, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or sub-processors who provide certain services or process data on our behalf. Our contracts with these service providers dictate that they only use your information in connection with the services they perform for us and you consent to our sharing of information with these parties by using our Sites and Services subject to this Policy.
Affiliates: In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future Affiliates. You hereby agree to our sharing some or all of your information and Personal Data with our Affiliates.
Third-Party Partners: When you complete an online inquiry form to which you were referred by a third-party partner, any information collected through the ASF hosted online inquiry form may be shared with the referring third party partner. We may share your Personal Data with third parties for marketing or adverting purposes, as permitted by law. For example, when you sign up for a webinar co-hosted by us and a third-party partner, we may share your Personal Data with the third-party partner. Third-party partners may use your Personal Data for their own purposes subject to their own privacy policies.
Business Transactions: Your Personal Data may be processed in the event of a business transaction, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction or may part of the assets transferred, in such case the acquiring company will possess any rights granted to us under this Policy.
We retain Personal Data for so long as necessary to service the purpose(s) for which your Personal Data was processed and for a reasonable time thereafter, or as necessary to comply with our legal obligations, to resolve disputes or enforce our agreements. While retention requirements can vary by jurisdiction, we generally apply the retention periods noted below:
Services Usage: We will retain Personal Data for as long as an Owner remains an active user of our Services and for a reasonable time thereafter, to serve the purpose(s) for which the Personal Data was processed. We may store any information about your activity on our Services, including Contact Data, Profile Data, Owner Data, Diligence Data, Order & Invoice Data, Transaction Data, Billing Data, Support & Inquiry Data, and any Other Data created, posted or shared by you while using our Services for as long as we deem it necessary or until you provide specific instructions to delete it, which may be indefinitely, or where a valid business reason exists for such storage such as retaining a comprehensive transaction history, maintaining the integrity of our systems and logs or for the establishment or defense of legal claims, audit and crime prevention purposes.
Member Data: We may store Member Data on behalf of Owners, for as long as a valid business reason exists, which may be indefinitely, any Personal Data, including but not limited to credit card and other financial account information, transaction information, and service utilization information, collected about a Member or other individual, whether entered directly into our systems by the Member via our Member Services, or whether entered by an authorized Owner user via the Services.
Note that Owners control any consumer data we collect and process on their behalf, whether that Personal Data is entered by a consumer Member via the Member Services or whether it is entered by an Owner via the Services, and it is up to the Owner to determine how long they will store their customers’ Personal Data in our systems.
Site Activity: We may store any information about your activity on our Sites or any Other Data created, posted or shared by you on our Sites for as long as we deem it necessary or until you provide specific instructions to delete it, which may be indefinitely, or where a valid business reason exists for such storage such as maintaining the integrity of our systems and logs or for the establishment or defense of legal claims, audit and crime prevention purposes.
Marketing: We store information used for marketing purposes indefinitely until you unsubscribe. When you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request.
Cookie Data: We retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from the expiry of the cookie or date of collection. Cookies owned by third parties may have other retention periods.
Call Recording: As required by applicable law, we will inform you that a call will be recorded before doing so. Any recorded telephone calls with you may be retained for a period of up to six years.
YOUR RIGHTS AND CHOICES:
Owners and Visitors with whom ASF has a data controller relationship have the following rights in relation to your Personal Data, in each case to the extent required/permitted under applicable law, and subject to our rights to limit or deny access or disclosure under applicable law.
Members and other consumers who do business with Owners utilizing ASF Services must contact the Owner(s) utilizing ASF Services to exercise these rights. Members can request that the Owner provide you with access to the Personal Data ASF stores on its behalf, that the Owner make changes to that Personal Data, and/or that the Personal Data be deleted from ASF systems. ASF cannot honor such requests directly from Members but will assist Owners with honoring them.
Access: Merchants and Visitors with whom ASF has a data controller relationship may request a list of the Personal Data that we process by submitting an official request in writing via email to the address provided below.
Rectification: Merchants and Visitors with whom ASF has a data controller relationship may correct any Personal Data that we hold about you by emailing us at the address provided below and indicating both the inaccurate and corrected information. Owners may also login to your ASF user account and modify your Personal Data.
Erasure: Merchants and Visitors with whom ASF has a data controller relationship may request that we delete your Personal Data from our systems once per year by making an official request in writing via email to the address provided below and indicating the specific information you would like permanently deleted from our systems. Note that Owners who request removal of their Personal Data will no longer have access to any existing ASF account and will not be able to use any ASF product or service. ASF reserves the right to retain certain account information for its recordkeeping or compliance purposes.
Owners may also login to their ASF user account and delete any Profile Data, Owner Data, Contact Data or Member Data to which they have access. However to ensure that Personal Data is completely removed from our systems, you must submit an official request in writing to ASF at the address provided below, as using a system delete function may merely restrict viewing that data from any system interface and prevent utilizing that data for any system function rather than permanently deleting it.
Data Export: Merchants and Visitors may request a copy of their Personal Data in a common portable format of our choice by submitting an official request in writing via email to the address provided below.
We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. We also reserve the right to retain certain account information for our recordkeeping or compliance purposes.
It is possible for you to access and use the Sites without providing any Personal Data, but you may not be able to access certain features or view certain content and some portions of the Sites may not function properly. You must provide Personal Data in order to utilize the Services. You have the following choices regarding Personal Data we process:
Consent: If you consent to processing you may withdraw your consent at any time to the extent required by law.
Cancellation: Owners may cancel their ASF accounts by contacting us using the contact information provided below.
Opt-Out: You may opt-out of all information collection from your mobile device by uninstalling the Mobile App. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
You may opt-out of receiving marketing communications from us by following the opt-out instructions included in such communications. Any communications from us that are not service-related or transactional in nature will offer you an “unsubscribe” option. To the extent required by law, you may choose to opt-out of sharing Personal Data with third parties.
As there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
CALIFORNIA PRIVACY RIGHTS:
This section only applies to users of our Sites and Services that are residents of the State of California at the time of data collection and are in addition to the rights set forth above. California residents have certain additional rights subject to the California Consumer Privacy Act of 2018 (“CCPA”). Any residents of the State of California with whom ASF has a data processor relationship (Members) must contact the Owner(s) utilizing ASF Services to exercise these rights. ASF cannot honor such requests directly from Members or other consumers but will assist Owners with honoring them.
Consumer Personal Data collected through the Sites and Services is collected for our use and/or the use of the Owner identified at the collection point and is not transferred to any third party for valuable consideration. However, if you are a California resident, you may send us specific instructions not to sell your personal information now or in the future. Such requests can be made via phone, email or in writing to the contact information provided below.
Access: You may request a list of your Personal Data that we process by submitting an official request in writing via email to the address provided below.
Rectification: You may correct any Personal Data that we hold about you by emailing us at the address provided below and indicating both the inaccurate and corrected information.
Erasure: You may request that we delete your Personal Data from our systems that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to but later withdrew such consent; or was collected in relation to processing activities to which you object and there are no overriding legitimate grounds for our processing.
Data Export: You may request a copy of your Personal Data in a common portable format of our choice by submitting an official request in writing via email to the address provided below.
Third Parties: California law provides you have the right to receive the following information: the categories of information we disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year; and the names and addresses of third parties that received such information or, if the nature of their business cannot be determined from the name, examples of the products or services marketed. You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make this request by emailing us at the address provided below.
California residents have the right to exercise the privacy rights in this section twice within any 12-month period under the CCPA by contacting ASF at the contact information provided below. California residents may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. Any request subject to CCPA is subject to an identification and residency verification process. We will not fulfill any CCPA request unless we have received sufficient information for us to verify the requestor is properly authorized to make such request and the request provides sufficient detail for us to properly understand, evaluate and respond.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA: we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of good or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We have implemented reasonable security measures designed to secure your Personal Data from accidental loss, unauthorized access, use, alteration and disclosure, however we do not provide any guarantee that your Personal Data will remain secure. We protect your Personal Data by maintaining physical, technical and procedural safeguards to protect the confidentiality and security of your Personal Data. Such safeguards include use of secured socket layers (“SSL”), firewalls, data encryption, enforcing physical access controls to our buildings and files, and limiting access to Personal Data only to those employees, agents or third parties who need to know that information in order to process it for us. We are also a Level 1 PCI-DSS certified service provider and adhere to all NACHA rules for security of ACH data and transactions. Where a third party stores, processes or transmits Member cardholder data, it is contractually required to maintain industry-standard security controls and maintain Payment Card Industry (PCI DSS) Compliance as a Level 1 Service provider, however, we do not have control over and will not be liable for third parties’ security processes.
You are also responsible for keeping your Personal Data confidential and secure. You should choose a password that is complex (e.g., special characters and numbers, sufficient length, etc.) and keep your password confidential. Do not leave your device unlocked so that other individuals may access your device or account. ASF is not in control of your Internet or wireless connection or the devices you use to log into the Services, so you should make sure you trust the devices and connections you use for access. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites or the Services. If you believe that you have experienced unauthorized access or use of your account, please contact us immediately at the address provided below.
Our services are neither directed at nor intended for direct use by individuals under the age of 18 or the age of majority in the jurisdiction where they reside. Further we do not intentionally gather information about such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Sites or Services if you are not the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
CANADIAN CODE OF CONDUCT POLICY:
ASF operates in the United States and Canada and our servers are located in the United States. The measures we take to protect your Personal Data are subject to legal requirements in both countries. Our Sites and Services may be accessed from anywhere, and users outside of the United States may submit their Personal Data to us via forms, comment fields, or other input mechanisms. If you are accessing the Sites or Services from outside the United States or submitting your Personal Data to us from outside the United States, your Personal Data may be transferred to, stored, or processed in the United States and maintained on computers or servers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective those in your jurisdiction. By accessing our Sites or Services, you understand and consent to the transfer of your information to the United States and to those third parties with whom we share it as described in this Policy, whether or not we can currently serve your jurisdiction. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Sites or Services.
Please note, ASF acts as a data processor on behalf of its Owners and Owners are responsible for obtaining your consent relating to the collection, use, transfer and other processing of your Personal Data. Owners may provide additional notices to you providing additional limitations or permissions with respect to our processing of your Personal Data in order to comply with applicable law.
ASF Payment Solutions
9127 South Jamaica St. Suite 200
Englewood, CO 80112
Email: [email protected]