Skip to main content
Category

Compliance

Jodi Goddard
In Business Services, Compliance, Merchant, Retail, Technology & Equipment

What Square’s Recent Changes Mean For You

What Exactly Went Down

 

In June 2020, Square made recent changes in its rolling policy regarding the handling and processing of customer transactions. They can now hold up to 30% of the money a customer pays for as long as four months before crediting it to merchants. That’s more than a whole financial quarter’s worth of time. Even worse, Square enforces the holding period on a select number of sellers, but does not specify who or on what condition would justify the holding besides vague descriptions of “risky” transactions and the selling of “goods or services more prone to disputes.” 

 

 

How Square’s Policy Change is Impacting Small Business Owners

 

The policy change comes as a surprise for many small business merchants. Contractors, plumbers, and even local legal firms felt significant impacts on the customer fund holdings. Enacted with little warning, Square’s move is disappointing, to say the least, and flies in the face of previous measures that the company promised to help small merchant consumers during the onslaught of the pandemic. Square claims it began the policy changes earlier last year. But with this recent change in transactional holdings, small business owners are concerned that the transactional holdings will usher more local businesses to close down their doors for good. Square claims that only 0.3% of merchants were impacted by the change, but over 2,715 individuals have already composed and signed a petition on Change.org, calling out Square’s policy change as an “unethical business practice.” The number of signatures continues to climb at the time of this writing. 

 

Transparency in Changes, Advocacy for Small Businesses

 

At Platinum Payments, we are transparent with our products and services to our customers. There are no term fees attached, there are no margin increases, and we never change our policies without warning. Small business owners can rest assured that they’re getting the service they expect and deserve to keep focusing on their own customers.  

There are also no term contracts with Platinum Payments, so merchants can pay for the equipment and services they need, and skip what they don’t. We also provide COVID safe transactional options and a customer support staff that’s open 24 hours a day, 7 days a week. 

Small businesses are the backbone of America, and we’re here to support them every step of the way. Don’t be square, be more well rounded. 

Contact our staff today to see how we can help your business get back on your feet. We offer afree analysis service to help get you started.

 

 

Jodi Goddard
In Compliance

How to Become PCI Compliant

A guest post from Sarah Doyle at CR-T.

 

Do you know what it means to be PCI compliant? Or why it’s important? As technology evolves, a lot of businesses are struggling to maintain high levels of security. This article will teach you why PCI compliance is important and how you can take action now to protect your business.

What is PCI?

Payment card industry (PCI) compliance refers to the standards that businesses must follow in order to secure credit card data. The PCI Security Standards Council (SSC) creates and manages these standards.

The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data. If you accept process payment cards, PCI DSS applies to you.

Each of the PCI SSC’s founding payment brand members (American Express, Discover, JCB International, MasterCard, and Visa) have their own PCI compliance programs. These programs are designed to protect their affiliated payment card account data.

Why Should You Become PCI Compliant?

PCI compliance is mandatory, but for good reason. It protects businesses from data breaches and prevents fraudulent activity. If cardholder data is stolen, the business may be subject to fines, legal fees, and a damaged reputation.

In 2019, Verizon released its annual payment security report, in which an entire section was dedicated to PCI compliance. The report revealed the following statistics:

  •       Only 36.7% of organizations reported full compliance in 2018.
  •       The Asia Pacific region had the highest percentage of compliant organizations.
  •       The hospitality industry reported the lowest percentage of organizational compliance.

Taking the necessary steps to become PCI compliant will help you avoid data loss while keeping your sensitive information protected.

How Can You Become PCI Compliant?

Becoming PCI compliant means adhering to the standards set forth by the PCI SSC. It’s six major requirements include the following:

  •       Build and maintain a secure network and system
  •       Protect cardholder data
  •       Manage ongoing vulnerability
  •       Implement and maintain access control
  •       Regularly monitor and test utilized networks
  •       Clearly document all policies

Meeting with a financial advisor or another expert will help you learn what additional steps need to be taken in order to achieve PCI compliance.

Partner with a Business that Values Compliance

As you work to implement and maintain PCI compliance, partner with other businesses that share your same values. You can work together to accomplish a higher level of security with those that offer more than just a product. Look for those that actively seek to consult and guide you to a better solution for your business growth.

For example, Platinum Payments is an organization whose mission is to protect merchants from rate increases and unnecessary equipment, while helping them remain PCI compliant. Platinum Payments offers 24/7 customer support and promises no termination fees, contracts, or margin increases all while guiding your growth through their platform.

In addition to PCI compliance, Platinum Payments utilizes artificial intelligence (AI) to improve the customer experience. The front end of a transaction looks and feels the same to customers. However, on the back end, an AI will auto-populate the needed contact points for card networks. This will reduce risk and save you time throughout the transaction process.

Platinum Payments’ level of experience and attention to detail will take your PCI compliance to the next level, helping you to achieve greater security and provide a better experience for your customers.

By partnering with us, you are able to help your clients become secure and protected in the ever-moving landscape of financial threats and disasters.

Here at CR-T, we take pride in providing enterprise-level IT services at prices that work for small businesses. Our team of experts can become your IT support department, responding to issues quickly, often before you even know about them. Covering everything from your servers and network infrastructure to your computers, workstations, and mobile devices, we provide end-to-end solutions for all your technology needs.

Time and experience have helped us develop best practices and workflow procedures designed to keep your focus on your business, not your technology.

Jodi Goddard
In Compliance, Merchant

Considering Venmo For Business?

Once upon a time, Venmo could not legally be used for business transactions. In its terms of service, it states, “Business, commercial, or merchant transactions may not be conducted using personal accounts.” Things have since changed.  Venmo will allow limited business use with explicit permission after completing the application process. 

Is Venmo Safe? 

Pre-2015 scammers were using Venmo to defraud people out of thousands of dollars. If it was considered a “business transaction”, the user had no recourse. The security page of Venmo’s website currently states:

“Venmo is designed for payments between friends and people who trust each other. Avoid payments to people you don’t know, especially if it involves a sale for goods and services (like event tickets and Craigslist items). These payments are potentially high risk, and you could lose your money without getting what you paid for. Venmo does not offer buyer or seller protection. Business usage of Venmo requires an application and explicit authorization.”

Venmo and its users have experienced:

  • Payments reversed without authorization
  • Frozen accounts
  • Money is withdrawn from their banking account. 

Venmo’s terms now allow for business transactions BUT, there is no protection for buyers and sellers which is alarming. Unfortunately, that is par for the course when you use a service provider as opposed to a true merchant account. 

Venmo + Small Businesses: How to Make a Decision

If you complete the application process and if you are approved, here’s what you need to know before you make a decision with such potential repercussions. 

  • PayPal itself is PCI Compliant, the disclaimer on their website states that they are NOT responsible for PCI in YOUR store.
  • PayPal is not responsible for PCI compliance if you store, transmit, or process payment card information. Its PCI compliance can be validated at http://www.visa.com/cisp
  • It’s not a matter of IF, but WHEN. 67% of Business owners have no security in place. Fraud was already on the daily rise, now with COVID, the huge shift to a more cloud-based and online presence has just added fuel to the fire
  • Venmo has a prohibited list, like everyone else in the industry. By using its payment service for prohibited items, you are going against the terms and conditions. The prohibited list is long, but you can view the complete list here. * (FYI there are 49 categories that are not allowed). If they won’t acknowledge PCI for those they allow to use their services, what do you think they will do for those who went against their rules? It’s a scary thought. Next in line is the Fraud Maintenance Tools — an optional fraudulent transaction management tool made by Braintree Payment Services. If you want to activate or inactivate the Fraud Maintenance Tools, it is your responsibility to determine which settings you need and which filters to apply. If you were to select the wrong one, you lose out on volume since they decline payments on your behalf. Let’s hope you know what you’re doing. 

“It is your sole responsibility to provide any necessary notices and disclosures, obtain any required consents, on the use of the Fraud Maintenance Tools to your Customers on your website or mobile application”. 

“You acknowledge and agree that PayPal does not represent or warrant that the Fraud Maintenance Tools are error-free or that they will identify all fraudulent transaction activity. In addition, PayPal shall not be liable whether a Transaction is accepted or rejected using the Fraud Maintenance Tools. You are responsible for your optional use of the Fraud Maintenance Tools, including any filters or settings you enable.*

*Edited/Shortened for length. 

I Don’t Have Explicit Permission, What Can Happen? 

If BrainTree/PayPal/Venmo believe you may have engaged in any violation of their terms and conditions, they could (with or without notice to you) take whatever actions that go against the agreement. This could include:

  1. Blocking the settlement or completion of one or more payments;
  2. Suspending, restricting or terminating your access to and use of the Payment Services
  3. Terminating our business relationship with you, including termination without liability to Braintree of any payment service agreement between you and Braintree.
  4. Taking legal action against you
  5. Contacting and disclosing information related to such violations to (i) persons who have purchased goods or services from you, (ii) any banks or Card Networks involved with your business or transactions, (iii) law enforcement or regulatory agencies, and (iv) other third parties that may have been impacted by such violations
  6. Assessing against you any fees, penalties, assessments, or expenses (including reasonable attorneys’ fees) that we may incur as a result of such violations, which you agree to pay promptly upon notice.

What Are My Other Options? 

If anything above concerns you, we can skip all of that to help you process with Platinum Payments. Have the peace of mind that all of your PCI issues are handled, you have liability protection, plus everything else in our Platinum Core

Our Payment Professionals can help you navigate the process and make everything seamless, all while providing you with white-glove treatment. 

Let’s get started today with a free audit. 

Jodi Goddard
In Build a Blog Community, Compliance, Retail

What To Look For In A POS (Point of Sale)

What To Look For In A Point Of Sale

If you are in the market for a new Point Of Sale here are a few things to look for to help you with choosing the best option for you.

First, you need to know what category you fit into. Do you own a food truck, a restaurant or a bar or a retail store? What about healthcare or hospitality/travel? Here is a quick list to help break up the differences.

What is  POS system or POS meaning?

The Meaning of point of sale (POS)  is the time and place where a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice for the customer (which may be a cash register printout), and indicates the options for the customer to make payment. It is also the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service. After receiving payment, the merchant may issue a receipt for the transaction, which is usually printed but can also be dispensed with or sent electronically.

Foodservice & Restaurant Point Of Sale Features

  • Online ordering
  • Delivery apps
  • Check splitting/tip features
  • Ability to use kitchen screens
  • Back- and front-house communication tools
  • Table layout features
  • Loyalty programs
  • Advanced inventory with tracking for individual ingredients
  • Pay-at-table services

Retail Point Of Sale Features

  • eCommerce integration
  • Advanced inventory with matrix
  • Loyalty programs
  • Gift cards
  • Customizable SKUs
  • Shipping features

Service Point Of Sale Features

  • Advanced scheduling for people, rooms, and equipment
  • Calendar
  • Online reservations
  • Customer-facing booking tools
  • eCommerce integration
  • Loyalty programs
  • Gift cards

Each business type has different needs relating to that industry so knowing what category you fit into will help you. A retail POS provides retail-based solutions, while a restaurant POS does the same for the food industry, which is different from an all-purpose POS.

Your Point Of Sale system should include:

  • Inventory management
  • Accounting
  • Employee management
  • Customer management
  • Sales reporting

Why reports are so important

You should be able to get the information on all voided transactions, what’s product is selling vs what is not moving quickly, employee productivity and sales, percentage of labor against sales to calculate exact profitability, etc. Having these options built-in will save additional costs on a third-party CRM.

Cloud-Based POS Features

Data Protection

Having a cloud-based POS means that nothing is stored on your computer, meaning you can access your information wherever. Having the peace of mind that nothing can hinder keeping your business up and running. All information is encrypted and very secure.

Multi-Device Access

Cloud-based systems allow for access to data wirelessly from any device. Logging on to take care of orders, employee management or processing transactions is simple and can be done very quickly. Multi-device access is just as important, if not more so withing the actual establishment. Being able to take care of more customers quicker and at various locations will speed things up tremendously which leads to happier customers.

Online & Offline Functionality

If you are operating on a server and if it were to go down, your business goes down with it. Most POS companies are offering some type of offline functionality, when using the cloud you still have access to the needed functions. You still have the ability to take card payments, the encrypted data is held in a queue until the connection is restored.

Multi-OS Compatibility

Cloud-based POS options support either Android, Apple or web-based. You can integrate with pretty much anything you want to.

Low Initial Cost

POS systems come with a hefty price tag when you are adding everything together with your start-up costs or day to day operations. When using a web application there is a monthly subscription that is minimal where the benefits far outweigh the costs, but it is also allowing you to take cards as long as you have internet and a card reader. Once you have been operating for a while, you will have a better understanding of what features you would like and need to make an upgrade to better-suited equipment.

Integration With Companion Software

The list of software integrations is growing each day. Cloud-based POS systems can integrate with whatever other software you would like to use. There are also APIs and SDKs to enhance solutions.

Contact us today to see how we can help you get set up with the correct solution.

Check out our POS options here.

Jodi Goddard
In Compliance, Technology & Equipment

Safe-T – Why it matters to your business.

Cardholder data is a huge concern for everyone in the payment industry — consumers, merchants, processors, and even financial institutions. Merchants and the financial institutions will suffer the most from unanticipated expenses resulting from a data breach or the event of fraud.

Consumers want to know that each time they offer their card, whether it is with a POS, eCommerce, over the phone or via email, they need to know their information is safe.

The PCI Security Standards Council has developed their set of industry standards in place to protect such data, they also require service providers to maintain that the high set standard for security. The end goal being software vendors develop secure payment applications that do not store prohibited data. Some of those safeguards are a full magnetic stripe, PIN data and payment applications that are in compliance with the PCI Data Security Standard.

STATS

Honeywell stated consumers are willing to change their shopping behavior to safeguard their data if they personally suffered from a data breach. Seventy-six percent of consumers surveyed would forego credit and debit transactions and 38 percent said they would entirely avoid a particular retailer if they personally suffered from a data breach.

According to SecurityScorecard, more than 90 percent of retailers are out of compliance with the Payment Card Industry Data Security Standard. Penalties for non-compliance are as high as $100,000 every month or $500,000 per security incident.

Merchant Maverick conducted a study and found Two-thirds of cyber breach victims are small to mid-sized businesses. 55% of smaller merchants reported a data breach for the year before. A significant cyber breach could cost a small business upwards of $80K or more. Due to bad press and cost, 60% of small businesses close shop permanently within six months of a cyber attack.

WHERE TO GO FROM HERE

Platinum Payments offers many different types of encryption and security options.

With Safe-T’s layered approach to security, small to medium-sized businesses and their customers can feel more confident that their payments are secure.

Safe-T Solo — Reimbursement up to a maximum of $50,000

Safe-T Silver — Reimbursement up to a maximum amount of $100,000

Safe-T Gold — Reimbursement of up to a maximum amount of $250,000

With each transaction the primary account numbers are encrypted; however, it is imperative that as a business owner you are making sure that your hardware is compatible with your software. For example, if you were trying to process a payment using a POS with Elavon approved software, the information would not go through if the POS failed to encrypt the Primary Account Numbers.

NOW WHAT

First off, there is no reason that anyone should be non-compliant. Think of it as an additional insurance plan for your business. Being compliant helps to defray card network fines, fees or assessments associated with breaches, in addition to your customers feeling safe and secure.

The information is there, the knowledge is there, the technology is there, awareness is increasing, now it is just a matter of what a responsible business owner will do with it. Remember, you are fine, until your not. So, why risk it? The help and resources are there, so use it.

** The SAFE-T for SMB Services only apply to card-present Transactions (the

processing environment where the Payment Device is physically presented to the Company

by the Cardholder as the form of payment at the time of Transaction) and mail

order/telephone order transactions, and do not apply for Electronic Commerce Transactions.

For mail-order/telephone order transactions, information must be hand-keyed into the POS

Device for SAFE-T For SMB Services to apply.

Jodi Goddard
In Compliance, Payment Processing Industry, Retail

What’s your rate?

A lot of people always ask “What is your rate”, unfortunately, it is not that simple. There are over 800 different options.

If we break down the fees one keyword to know is Interchange.

Interchange is a set of fees that have been added by the card issuer. The network will collect the fees and pay them directly to the bank that issued the card.

When someone uses a card to make a purchase, Visa and other card companies do the transfer process from one bank to the other. In order for them to do that they add their fees, which are referred to as Interchange, or dues, fees, and assessments. The card companies then pay the bank and collect their network fees.

So, look at it this way, you need to take the subway from A to B, you have to pay the fare. If you had forgotten something important at home and had to go from B back to A, you again, pay the fare. Once you have gotten the things you needed and head back to the subway to go from A to B again, you still have to pay the fare.

That is the easiest way to explain what interchange is and how it works. Each time the banks transfer money, there is a fare charged to send and receive that information. If you are not taking cards correctly, that process starts all over again and it charges another fee. This is why it is so important that Merchants are doing their best to make sure they have all the correct information and running the cards the correct way to minimize all the transfer fares.

The card issuers determine what those rates will be, which vary from card to card. They also decide which type of card goes through at a higher rate, such as; debit, credit, rewards and corporate cards. So, knowing how to take cards correctly is a big deal when it comes to security and savings.

There are a few different areas of compliance, PCI is one of them. Merchants really should make sure that they are compliant with their own protection. If they are not compliant, the liability all rests on their business if fraud were to happen. I have heard from so many people, “Oh I’m fine, it rarely happens, no one I know has been affected” etc. Well, the problem with that is you’re fine until you’re not. Why take the risk when being compliant is a very simple process and needs to be done once a year.

It’s a huge risk for a business to take on, in the chance that there is a breach or fraudulent card, most businesses’ would not be able to recover from that devastation. In addition, risking the chance of a penalty by the card issuers for not being compliant.

At Platinum, we offer a monthly protection plan and account monitoring to make sure that our clients are always protected from the increasing instances of fraud and data breach. Talk to one of our Professional Consultants today on how we can help!

Jodi Goddard
In Compliance, Technology & Equipment

Secure It Or Lose It.

Mobile payments, whether on the receiving or paying end, is taking up a major chunk of how payments are made. With that, there has also been a huge increase in mobile payment fraud.

Prakash Ranganathan, Director of Cybersecurity at University of North Dakota noted hackers are finding a “lucrative target” in cheap card readers that attach to smartphones or tablets because it’s fairly easy to exploit their vulnerabilities. Therefore, it’s best to invest in higher-quality, more costly card readers.

Mobile phones are just like a laptop or PC, they are running on various hard and software systems.

I’m sure we all know someone who is still using an older device, which would be considered obsolete.

From a personal use standpoint, no big deal. From a business standpoint? DANGEROUS.

Why is it so “dangerous”?

The older devices are not able to support the latest security technology, leaving you wide open for hackers and fraud. According to a survey, the total percentage of mobile payment crimes has reached 71% in 2019. This percentage will only continue to climb higher and higher. As a responsible business owners, we need to revamp how we handle our mobile payments. Since I am a wannabe security expert (hell bent angry consumer) I want others to be safe; merchants, and the customers.

Unlocked, or rooted phone?

You may think that having an unlocked, or rooted phone is cool. If you think that dismantling the entire Operating System and leaving yourself wide open for malware or viruses,…then cool story bro. The rest of us who are informed and aware of the risks won’t be about that life.

According to Tim Armstrong, a security specialist at Boston-based Threat Stack “A lot of people don’t realize what they’re doing,” he said. “When you launch the jailbreak, you’re defeating the security of the phone. Once you do that, every application has full access to the phone and you put trust in the people who create the apps.”

There is no longer any antivirus software available for the Apple iOS, and the few products that did exist were limited in their abilities. “That’s because Apple locked down the operating system,” Armstrong said. “But if you jailbreak your iPhone, it’s buyer beware.”

Long story short; if you jailbreak your iPhone, or root your Android, you’re on your own. There’s no program that can protect you from infection, other than Jailbroken apps, which are not always supported in new versions of the Apple iOS, and each system update pushed out by Apple usually will erase jailbroken apps that depend on them. You’ll have to jailbreak the device again, reinstall the unauthorized apps and hope they all still work.

Do Customers even notice or think about security?

A study by Auriemma Consulting Group revealed about one-third of customers who make purchases via mobile payments were worried about security. Customers (myself, and anyone I associate with) won’t use a payment reader that looks outdated, on the mall wi-fi or showing any hint of being unsecured. If your customers see things as sketchy, you’ve not only lost a sale, but also on future sales, and maybe even referrals.

How to stay safe with mobile payments

It is paramount to be even more careful with mobile payments than the typical POS (Point of Sale). A POS is safer because it is running behind a firewall. Smartphones are not classified as a dedicated hardware for payments because they were not designed with that in mind.

A very scary reality is that older and outdated card readers are still in circulation and processing payments successfully. A customer is not going to know whether the reader is up to date and PCI compliant or not.

You should REQUIRE the following information for any mobile or over the phone payments;

  • Complete card number
  • Expiration date
  • Security code / CVV code
  • Billing zip code

Key Practices for phone / mobile payments.

1. On the signature line of the printed receipt for the order, instruct your staff members to write “Phone order.”

2. Keep the paper receipt filed with the rest of your receipts and invoices.

3. Do not use a payment option that allows for PIN entry directly into the device, it should only happen with an encrypted PIN pad.

4. Second bank account for mobile payment events, less risk, keeps the rest of the customers safe.

5.Make sure that you are using a password and not auto signing in

6. Phones are very prone to ransomware, from downloads or web pages visited. Business doesn’t mix with pleasure right? This is NOT ant different.

7. Set up phone with the ability to wipe it clean remotely in the chance of loss or theft.

8. Disable auto fill so you are not storing customer information.

9. Don’t even consider using a public wi-fi connection.

If you take one thing away from this blog post, take the fact that doing any and all software updates are paramount for security.

In the year that I have been with Platinum Payments, I have spoken with many many business owners, attended events and learned to see a plethora of red flags, warning signs and where business owners are lacking. I have witnessed first hand (ahem, farmers market) how many merchants are doing the opposite of what safe is. It is incredible to me to see business owners taking so much risk, when it is so simple to be compliant and secure.

One issue that is prevalent with our competitors is they are trying to saturate the market and push for sales, Platinum Payments is taking the time to make sure the security is a top priority. We look out for EVERYONE, not just “our” customers. Even if you don’t like what I have to offer, I would bet that you at least learned something you didn’t know before and ways to implement that new education you just got schooled with.

If one phone call could ensure your business is still standing to see another fiscal year, isn’t that worth the time it would take to talk to someone who does this full time? One call could help you save everything in it’s entirety due to PCI, customer retention, ways to increase revenue, account monitoring, custom built plans, phenomenal customer support, and then maybe even save some money. You do you, let me do the rest.

Jodi Goddard
In Compliance, Technology & Equipment

Best Business Practices

test alt text

If you take a card in any capacity, this applies to YOU; here are a few tips and best practices:

1. Be Up To Date With Software and Equipment

With the various types of POS systems, it is in your best interest to make sure that you have PCI compliant equipment and software. Using outdated or non EMV capable equipment may seem like a good idea to save on upgrade costs, but it is actually a huge liability.

2. Don’t Store Customer Payment Card Data

Never. Never. Never store card data. Storing card information could cost you your business, the longer that information is there, the greater the risk that it could get into the wrong hands. Staples Business Hub explains. “That’s one reason why it’s preferable to securely dispose of any payment information immediately following a transaction.”.

3. Develop Employee Handling Policies

Since employees are the ones handling the cards they will need to be trained to do so the correct way to help minimize cost. All employees should know what is involved in a transaction and how to take card information correctly. Another useful tip is to teach employees the different signs to look for to help avoid fraudulent activity.

4. Always Verify Shipping and Billing Addresses

It is imperative to make sure the billing and shipping addresses match, especially if the card is not present. UPS has a great tool to use called address validator that is free to use if you are unsure whether the address is legitimate or not.

5. Be Extra Careful With Online Purchases

Online purchases should never be done using a public wifi network. Only fill out the required fields, sometimes there is unnecessary information being requested, which can open things up to fraud and identity theft. The retailer is the sole entity liable for fraudulent online purchases. Most businesses could not recover from such devastation.

Conclusion

Taking cards sounds scary and maybe even too much of a risk. We assure you, it is not as daunting as it seems. We make sure that you have the facts and steps to take to protect yourself, and your customers. Checks have already phased out, other methods are not far behind. When you are processing with Platinum, we have your back and will do what we can to ensure that you are safe.

Data Privacy Policy Agreement.

Applicant Privacy Policy
English


Legal Disclaimer
Effective Date: January 1, 2021
This Applicant Privacy Policy (the “Policy”) describes the practices of Platinum Operating Company, LLC d/b/a Platinum Payments (“Company”) regarding the information that is solely collected through the Platinum Workforce Now portal (“Careers Site”) in connection with your application for a job or internship with us.


1. CATEGORIES OF INFORMATION WE COLLECT THAT YOU PROVIDE
We may collect the following information from you in connection with your application through the Careers Site: Name, e-mail address, mobile number, work authorization status, resume, profile information (e.g. work experience, education, skills, licenses & certifications, and memberships), professional and other work-related licenses, permits and certifications, references, and any other information you elect to provide to us (e.g., employment preferences, willingness to relocate, current salary, desired salary, awards, or professional memberships).
If you do not provide sufficient information, we may be unable to consider your employment application.
However, please avoid submitting the following information that may qualify as sensitive information under applicable law, except where such information is legally required: information on race, religion, ethnicity, nationality or national origin, age, gender identity, sex life or practices or sexual orientation, marital status, medical or health information (including disability status), genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings, and veteran status.
If the personal information you provide contains details of the information referenced in the preceding paragraph or your job evaluations or educational records, you authorize us to handle such details for the purposes of your job application.
Any information you submit through the Careers Site must be true, complete and not misleading. It is your responsibility to ensure that information you submit does not violate any third party’s rights.
If you provide us with personal information of a reference or any other individual as part of your application, it is your responsibility to obtain consent from that individual prior to providing the information to us.


2. USE OF INFORMATION / LEGAL BASIS
We collect and process information about you for the following reasons:
a) Because you voluntarily provide this information;
b) Because this information is necessary to take steps at your request prior to entering into an employment or internship;
c) Because this information is of particular importance to us and we have a specific legitimate interest under law to process it;
d) To comply with a legal obligation; or
e) Where necessary to protect the vital interests of any person.
The information that you submit on the Careers Site will be used for our personnel recruitment, management, and planning purposes, as permitted by local law, including:
• To process your application;
• To assess your capabilities and qualifications for a job;
• To conduct reference checks;
• To respond to your inquiries and communicate with you about your application, and to send you information regarding the Careers Site and changes to our terms and policies;
• To comply with or monitor compliance with any applicable law or regulation;
• To conduct background checks if we offer you a position; and
• To preserve our other legitimate interests, for example, for our administrative purposes, aggregate management reporting, internal training, and as generally required to conduct our business.
The information about you will be added to our candidate database. If you do not wish us to do this, please contactwendy.clawson@ptpay.us.
If we hire you, personal information we collect in connection with your application may be incorporated into our human resources system and may be used to manage the new-hire process; any such information may become part of your employee file and may be used for other employment-related purposes.
We may also use the information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to protect our legal rights and operations or the rights, privacy, safety or property, and/or of us, you, or others; and (e) to allow us to pursue available remedies or limit the damages that we may sustain.


3. DISCLOSURE OF PERSONAL INFORMATION
We may share personal information with affiliates and/or partners that are involved in and/or for performing pre-employment, post employment processes in compliance with state and federal law, evaluating candidates for a given position and to track employee and/or contractor performance and progress. We will make the information available to personnel with a business need to know the information, including personnel in the recruiting, human resources, and information technology departments, and in the department responsible for the position for which you are applying and for which you, if hired on an employee or contract basis, hold.
We may share personal information with third-party service providers who provide services such as hosting and operating the Careers Site, recruiting assistance, background check processing, Work Opportunity Tax Credit, eVerify, Equal Employment Opportunity Commission, and any other governmental programs the business elects for voluntary or compliance purposes and similar services.
We also may share personal information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to protect our legal rights and operations or the rights, privacy, safety or property, and/or of us, you, or others; and (e) to allow us to pursue available remedies or limit the damages that we may sustain.
We may transfer information in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
Disclosing your personal information may include transferring personal information to other countries (including countries other than where you are based that have a different data protection regime than is found in the country where you are based). If you are located in the European Economic Area (the “EEA”), this may include countries outside of the EEA.


4. DATA RETENTION
We keep your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you (such as an application process); as required by a legal obligation to which we are subject; or as advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).
We may remove personal information for inactive accounts, subject to any applicable legal or regulatory obligations. Furthermore, we may delete personal information about you (including your CV/résumé) from our database at any time and without providing any reason. Therefore, please retain your own copy of the personal information provided to us.


5. PASSIVE INFORMATION COLLECTION: COOKIES AND TRACKING TECHNOLOGY
When you visit the Careers Site, we collect certain information by automated means. Cookies are small text files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available.
We also use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. We use Flash Cookies for security

purposes and to help remember settings and preferences similar to browser cookies, but these are managed through a different interface than the one provided by your web browser. To manage Flash Cookies, please see Adobe’s website at http://kb2.adobe.com/cps/526/52697ee8.html or visit www.adobe.com. We do not use Flash Cookies or similar technologies for behavioural or interest based advertising purposes.
Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and/or web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
We collect different types of information. For example, we collect information from the device you use to access the Careers Site, your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the Internet Protocol (“IP”) address assigned to the device you use to connect to the Internet. An IP address is a unique number that devices use to identify and communicate with each other on the internet. We may also collect information about the website you were visiting before you came to us and the website you visit after you leave the Careers Site.
In many cases, the information we collect is only used in a non-identifiable way, without reference to personal information. For example, we use information we collect about website users to optimize the Careers Site and to understand website traffic patterns. In some cases, we associate the information we collect with your personal information. This Policy applies to the information when we associate it with your personal information.

Although the Careers Site currently does not have a mechanism to recognize the various web browser Do Not Track signals, we do offer individuals choices to manage their preferences that are provided in the previous sections above. The Careers Site does not collect personal information about an individual’s online activities over time and across different websites when a consumer uses the Careers Site. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/. We use Google Analytics as a third-party vendor. For information on how Google Analytics uses data, please visit “How Google uses data when you use our partners sites or apps”, located at http://bit.ly/2jXZ13Y. We also use Pendo as a third-party vendor. For information on how Pendo uses data, please visit https://www.pendo.io/privacypolicy/.

 

6. ACCESS AND CORRECTION
If you register on the Careers Site, you may access, review, and change your personal information stored therein by logging into the Careers Site and updating your account information. However, if you have authenticated your login via a mobile number or email address, such information cannot be updated in the same login session.
We encourage you to promptly update your personal information if it changes or is inaccurate.
Apart from information contained in your profile, where permitted by applicable law, you may request (i) access to personal information we collect, (ii) its modification or suppression, (iii) that we restrict its processing, (iv) that we cease using it (objection right); (v) that we transfer personal information to you or another organization in a structured, commonly used and machine-readable format (right to data portability), and/or (vi) that we not sell any such information. Please email us at wendy.clawson@ptpay.us
or contact us at 1483 Wall Ave, Ogden, UT 84404 with any such requests.
For your protection, we may only implement requests with respect to the information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that certain personal information may be exempt from such access, correction, or suppression rights pursuant to local data protection laws.


7. SECURITY
We use reasonable organizational, technical and administrative measures to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below.
We hereby disclaim, as far as permitted by local laws, any liability for us and our affiliates and contractors for any personal information we collect in connection with your application that is lost, misused, illegally accessed, disclosed, altered or destroyed or not timely delivered to our Careers Site.

 

8. LINKS TO THIRD-PARTY WEBSITES
The Careers Site may contain links to other websites. This Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Careers Site links. The inclusion of a link on the Careers Site does not imply endorsement of the linked site or service by us. We encourage you to read the legal notices posted on those sites, including their privacy policies.


9. LAW APPLICABLE TO JOB APPLICATION
This Careers Site is operated from ADP Workforce Now in Dallas, TX. Accordingly, any personal information you submit to the Careers Site will be collected in ADP Workforce Now in Dallas, TX and will be subject to state of Texas laws.
The Careers Site is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to local law or regulation.


10. ABOUT CHILDREN
The Careers Site is not intended for individuals under the age of 18.


11. CHANGES TO THE POLICY
We reserve the right to amend this Policy at any time in order to address future developments, the Careers Site, or changes in industry or legal trends. We will post the revised Policy on the Careers Site or announce the change on the homepage of the Careers Site.
You can determine when the Policy was revised by referring to the “Last Updated” legend on the top of this Policy.
Any changes will become effective upon the posting of the revised Policy on the Careers Site. By continuing to use the Careers Site following such changes, you will be deemed to have agreed to such changes.
If you do not agree with the terms of this Policy, in whole or part, you can choose to not continue to use the Careers Site.

 

12. CONTACT US
If you have questions or requests, please feel free to contact us at info@ptpay.us or USPS address at 1483 Wall Ave, Ogden, UT 84404.