A. COLLECTION OF INFORMATION
The type of Information submitted to or collected by CyberSource varies depending upon the nature of the activity and relationship with CyberSource.
- Browsing the Website: When You browse the company's website, CyberSource may collect information regarding the domain and host from which You access the Internet, the Internet Protocol address of the computer or Internet Service Provider You are using, and anonymous site statistical data. This information is collected for the purpose of assessing the effectiveness of the company's website and for security reasons.
- Inquiries: The website contains various forms, links to company e-mail addresses, and fax numbers that You may use to solicit information about the website, CyberSource services, and the company in general. When You complete and submit a form, send us an e-mail, send us a fax, or contact us by telephone, CyberSource may store the inquiries and their contents, including any personally identifiable information You may have provided. Any personally identifiable information You submit via an inquiry is collected only with Your knowledge and active participation.
- Use of Gateway Services: When You register to use CyberSource online processing services ("Gateway Services"), You will be required to provide personally identifiable information and to enter into a written agreement with CyberSource. If You ordered any products or services from businesses that use our Gateway Services ("CyberSource Customers"), You were required to submit personally identifiable information ("Order Information"). CyberSource Customers transmit Order Information to CyberSource for the purpose of processing Orders. Order Information is maintained in servers located within the U.S.A. and may also be maintained in servers located in Europe or Asia, depending on where the order originates or the geographic location of a CyberSource Customer. CyberSource may maintain Order Information for a certain period of time to comply with audits, legal requirements, or for disaster recovery purposes.
- Applying for a Merchant Account: When You submit an application to obtain a merchant account through CyberSource, You will be required to provide personally identifiable information. Furthermore, CyberSource may also obtain information about You from third party sources, including, without limitation, consumer reporting agencies.
Notice for European Users: The Data Protection Act puts obligations on users of personal information and sets forth principles for its use. One principle states that information must be processed fairly and lawfully. This means that You are entitled to know how we intend to use any information You provide. You can then decide whether You want to give personal information to us. Details are publicly available at www.ico.gov.uk or from:
Information Commissioner's Office
Cheshire SK9 5AF
Tel: 08456 30 60 60 or 01625 54 57 45
Fax: 01625 524510
The Data Protection Act does not generally apply to data about limited companies or partnerships, but it does cover personal data relating to sole traders and partnerships. When we receive an application from a business, we may perform a search with a credit reference agency and fraud prevention agency on the individual company directors or partners.
Order Information provided by You to CyberSource Customers and any Information that You provide to CyberSource directly will be transferred outside of the European Union to the United States. By providing personal information to CyberSource Customers or us, You are consenting to the transfer of such information outside of the EU and to its storage and use as described herein.
B. USE AND DISCLOSURE OF INFORMATION
Usage and disclosure of Your Information varies based on Your relationship with CyberSource. CyberSource never sells any personally identifiable information and, except as expressly set forth below, never discloses personally identifiable information to any third parties.
- Browsing the Website: Information collected while You're browsing our website may be used to analyze trends, administer the website, improve site performance, gather broad demographic information, and for security purposes. Such Information may be disclosed to third parties to provide any of the aforementioned activities on behalf of CyberSource.
- Inquiries: If you submit an inquiry via online form, e-mail, fax, or telephone call, the information collected may be used by CyberSource to respond to Your inquiry or to contact You to inform You of CyberSource services. Information collected during the course of an inquiry will not be disclosed to any third party unless such third party has been contracted by CyberSource, with obligations of confidentiality, to contact You on our behalf.
- Use of CyberSource Services: If You are a CyberSource Customer, CyberSource will use Your Information during the course of providing You with the Gateway Services. During the course of providing such services, CyberSource may disclose Your Information to third parties that have contracted with CyberSource to perform certain functions of the Gateway Services on our behalf ("Subcontractors"). CyberSource may also use Your Information to contact You about other CyberSource offerings and to inform You about general company news and industry trends, directly or through the use of third party vendors. CyberSource may also use Your Information for internal business analyses. If You are a customer of a CyberSource Customer, CyberSource will use Order Information during the course of providing processing services to such CyberSource Customer. CyberSource may also use Order Information at an aggregate level for internal business analyses and fraud prevention. During the course of providing Gateway Services to CyberSource Customers, CyberSource may disclose Order Information to banks, processors, card associations, and other financial institutions that are involved in the course of processing or screening the transaction applicable to the Order Information.
- Applying for a Merchant Account: If You apply for a merchant account from or through CyberSource, CyberSource may use and disclose the Information to evaluate Your eligibility for a merchant account, including disclosure to consumer reporting agencies, relevant financial institutions, and other entities involved in providing the merchant account services. CyberSource may also use and disclose Your Information during the course of providing or procuring on Your behalf the merchant account services. CyberSource may also use Your Information to contact You, directly or through a third party vendor, about other CyberSource offerings and to inform You about general company news and industry trends. CyberSource may also use Your Information for internal business analyses.
- Surveys and Questionnaires: If You submitted an inquiry to CyberSource or if You are a CyberSource Customer, periodically, CyberSource may use Your Information to contact You, directly or through a third party vendor, to complete a survey or questionnaire. Responses to any such survey or questionnaire may be used for internal business analyses and may be disclosed in aggregate form without disclosing Your personally identifiable information.
- Confidentiality Obligations: All contracts entered into between CyberSource and CyberSource Customers, CyberSource and Subcontractors, and CyberSource and other third party service providers contain express provisions governing the confidential treatment of any and all personally identifiable information.
- Investigations and Proceedings: CyberSource may use Information to conduct internal investigations. CyberSource may disclose Information to cooperate with an investigation by law enforcement agencies or other governmental authorities and may also disclose Information in response to a subpoena, warrant, court order, or other comparable legal processes.
C. INFORMATION SECURITY
CyberSource is committed to privacy and security. CyberSource is compliant with the Payment Card Industry Data Security Standard ("PCI DSS") as a Level 1 service provider. CyberSource has been compliant with PCI DSS since its inception in 2002. PCI DSS is the bankcard industry's most stringent security standard. Examples of CyberSource's security measures include: physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of strong encryption for transmissions of Order Information to and from CyberSource Customers; restricting access to personally identifiable information; and, periodic security audits by third party security experts.
D. CORRECTION OF INFORMATION
If You want CyberSource to correct Your Information that is stored on CyberSource systems, please submit Your request in writing to:
P.O. Box 8999
San Francisco, CA 94128-8999
Attn: Legal Department
Subject to our ability to verify Your request, CyberSource will correct the Information within thirty (30) days of receipt of Your request.