Data Privacy Framework Policy

Effective date: October 1, 2023

PayQuicker, LLC (“PayQuicker”) has created this Data Privacy Framework Policy (“DPF Policy”) to help you learn about how we handle Personal Information that is collected in the European Economic Area (the “EEA”) and Switzerland and transferred to PayQuicker in the U.S.

PayQuicker complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PayQuicker has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PayQuicker has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov. With respect to personal data received or transferred pursuant to the Data Privacy Framework (DPF), PayQuicker is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the U.S. Department of Transportation or any other U.S. authorized statutory body.

1. Notice

Our Privacy Policy describes how we use Personal Data we receive from different sources. This DPF Policy describes how we process Personal Data covered by the DPF.

2. Choice

If Personal Data covered by this DPF Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, PayQuicker will provide EU, UK, and Swiss Consumers with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: dpa@payquicker.com.

If Sensitive Personal Data covered by this DPF Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, PayQuicker will obtain the EU, UK, or Swiss Consumer’s explicit consent prior to such use or disclosure.

3. Data Integrity and Purpose Limitation

We will not process Personal Data in a way that is incompatible with these purposes or as subsequently authorized by you. We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the intended purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete, and current. We will adhere to the Principles for as long as we retain the Personal Information collected under the DPF

When we process Personal Information in the context of our Services, we process and retain Personal Information only as necessary to provide our Services, or as required or permitted under applicable law.

4. Accountability for Onward Transfer

In the event we transfer Personal Data covered by this DPF Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If PayQuicker has knowledge that a third party acting as a controller is processing Personal Data covered by this DPF Policy in a way that is contrary to the DPF Principles, PayQuicker will take reasonable steps to prevent or stop such processing.

PayQuicker’s accountability for personal data that it receives in the United States under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, PayQuicker remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless PayQuicker proves that it is not responsible for the event giving rise to the damage.

We may also need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law. We do not offer an opportunity to opt out from this category of disclosure.

5. Data Security

PayQuicker takes reasonable and appropriate measures to protect Personal Data covered by this DPF Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

6. Access to Personal Data

Data Subjects whose Personal Data is covered by this DPF Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: dpa@payquicker.com.

7. Recourse, Enforcement, and Liability

PayQuicker’s participation in the EU-U.S. DPF Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Framework is subject to investigation and enforcement by the Federal Trade Commission. These services are provided free of charge to you.

In compliance with the DPF Principles, PayQuicker commits to resolving complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this DPF Policy should first contact PayQuicker at dpa@payquicker.com.

PayQuicker has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, the BBB Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB DPF Services for more information or to file a complaint.

The Data Privacy Framework also provides the option for an individual to invoke binding arbitration to determine whether a DPF organization has violated its obligations under the DPF Principles as to that individual and whether any such violation remains fully or partially unremedied (“residual claims”). Individuals can go here for more information on how to file a Notice of Arbitration Form related to any residual claims.

8. Changes to this DPF Policy

This DPF Policy may be amended from time to time consistent with the requirements of the DPF. Appropriate notice regarding such amendments will be given.

9. Contact Information

If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, contact us via:

• E-mail at dpa@payquicker.com; or
• Mail at PayQuicker, LLC., ATTN: Privacy and Data Protection Officer, 400 Linden Oaks, Suite 320 Rochester, NY 14625.