At AUS Merchant Services, Inc., we pride ourselves on maintaining security, transparency and integrity in our work, and recognize the importance of protecting and respecting your Personal Information.
2. What Personal Information do we collect?
Depending on the nature of your interactions with us, we and our service providers may collect or receive the following categories of Personal Information about you:
- Personal identifiers
To open an account or use AUS services, you will be asked to provide identifying information about yourself (e.g. name, address, date of birth, phone number and email address) and your company (together, “Account Information”), together with documents to verify the information provided – such as, a copy or record of your identity cards, passport or other travel document information, your proof of address, occupation, nationality, country of birth, source of funding, source of wealth and/or other information from checks, credit cards, bank statements, address proofs or money orders (together, “Identification Information”). You will also be asked to provide “Profile Information” including your username and password. Please note that copies of your identity cards (e.g., driver’s license and passport), bank account details, and your account log-in credentials are considered “sensitive personal information” under certain state laws and may be subject to additional rights and protections as described in Section 8 and Section 11 below.
- Financial information
In order to make payments, you will be asked to provide the information required to facilitate the payment – e.g. Beneficiary Information (see below) and certain Commercial Information (see below) – in particular, bank account details and source of funds. Please note that bank account details are considered “sensitive personal information” under certain state laws and may be subject to additional rights and protections as described in Section 8 below.
Through the course of our business relationship, we may ask for additional evidence in order for us to comply with our legal obligations – e.g. anti-money laundering regulations. These can include, but are not limited to, documents required to verify any information provided or evidence of source of funds (“KYC/AML Information”).
- Commercial/transaction information
Once your account is fully set up and you begin to transact with us, we will collect your AUS financial and transactional information. This information includes the transaction amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details (together, “Transaction Information”). We also collect records of the AUS products, services, and solutions you purchase or consider. Please note that bank account details are considered “sensitive personal information” under certain state laws and may be subject to additional rights and protections as described in Section 8 below.
- Biometric information
Our verification of information with anti-fraud service providers and electronic identity verification services may include the collection of biometric information (via facial recognition technologies) used for real identity verification and authentication purposes. Please note that biometric information is considered “sensitive personal information” under certain state laws and may be subject to additional rights and protections as described in Section 8 and Section 11 below.
- Internet or other electronic activity information
For the detection and prevention of fraud and cyber-crime, we will collect session information, device ID, user agent, and IP address (“Device Information”) to help ascertain the legitimacy of the account login. We will also collect information about your activities on and use of our Sites including, for example, browser history, product engagement, length of visit/usage, page views, IP address or other unique identifiers, browser/platform type and version, internet service provider, operating system, referral source/exit pages, device operations, and other information regarding your interaction with our Sites and our advertisements (“Usage Information”). We also embed tracking tools within the emails and other communications we send to you to help us understand how you interact with those messages, such as whether and when you opened a message or clicked on content within the message.
- Professional information
When you apply for a job with us, we collect information you submit as part of your application and resume. This might include your work experience and previous employment, the URL to your personal or professional websites, your workplace skill sets and certifications, whether you need a visa or require sponsorship, and/or start date. We may also conduct a credit check, background check, and employment verification to the extent permitted by applicable law.
- Geolocation information
We collect precise geolocation of your devices when you register and log in to our website. Please note that precise geolocation is considered “sensitive personal information” under certain state laws and may be subject to additional rights and protections as described in Section 8 below.
- Audio and visual information
The AUS user community participants will have their sessions recorded to allow us to capture the feedback to improve our services and help with the development of new products.
All calls are recorded and correspondence retained for the purposes of quality control and training, as evidence of transactions, and to fulfil regulatory requirements. Any information you disclose to us will be held on these recordings in compliance with applicable law (“Call Recording Information”).
- Public information
For non-registered users, we may contact you using publicly available information or information from third parties (i.e., name and contact details). Such third party sources include, for example, social media platforms, company registration lists, and telephone and other publicly available directories.
- Inferences drawn from the Personal Information identified above
We may, in the course of business, draw inferences from Personal Information you have provided in order to improve our services. For instance, we might infer your gender or age based on other information collected.
3. How do we collect your personal information?
We and our service providers collect the above-described categories of Personal Information (including sensitive personal information) from various sources, directly and indirectly, as set forth below:
- Directly from you: We collect Personal Information that you provide to us when you submit information through our Sites, register for an account, request information about our products or services, provide us with your information at an event, or when you otherwise voluntarily provide information to us through our web portal, email or phone number.
- Through our vendors and service providers:We obtain Personal Information from service providers and vendors we engage to help us run our business, such as those that provide cloud hosting services, assist in sending emails, provide technical assistance and security, provide database management and back-up services, help us analyze data and perform analytics, provide marketing or advertising services, and assist us in recruitment, hiring, and vetting of job applicants. To protect ourselves and our customers against fraud, we verify the information you provide (e.g., the KYC/ AML Information) with anti-fraud service providers and electronic identity verification services, and we may also get information from credit reference agencies. In the course of using these various vendors and service providers, we receive and process Personal Information about you.
For individuals who are not registered users of AUS, we may also collect information about connected parties or beneficiaries, as described below:
- Beneficiaries. AUS will collect information about beneficiaries (i.e., recipients of a payment) from an AUS client as required to be able to send a payment to the individual, who may not be an AUS client. This will include name and bank account details of the beneficiary that are required by regulations to process the payment (“Beneficiary Information”).
4. How do we use your personal information?
We may use Personal Information (including sensitive personal information) for several purposes, including:
- For registration and administration purposes
We use your Personal Information to enable you to register with us. Once you have an account with us we will use your Personal Information to contact you, reply to any queries or requests, and to fulfil your transactions. We will use your Personal Information in the administration of your account, which includes us contacting you in order to update your account details (this assists with keeping our records up to date) or in order to notify you of changes or improvements to our products or services that may affect our service to you – you cannot opt-out of the receipt of these service messages.
- To provide and improve our products and services
We use your Personal Information in order to provide and improve our products and services (including, enabling transactions and facilitating payments) and to meet our contractual obligations to you. This will include the sharing of your Personal Information with Banking Partners or AUS Group Companies. We also use your Personal Information to maintain, provide, and improve the Sites, including troubleshooting errors and incidents, analyzing web traffic, diagnosing and resolving problems, and optimizing the user experience. We use Personal Information to understand our customers’ actions, behaviors, preferences, transactions, expectations, and feedback in order to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by us.
- To prevent, detect, and investigate crimes and other malicious activity
We use your Personal Information to prevent, detect, investigate, and remediate crimes, fraud, and other malicious activity. We are subject to strict anti-money laundering and counter-terrorist financing regulations, which requires us to undertake due diligence on our customers and their beneficiaries. This may include conducting soft searches through an identity-referencing agency and through other sources of information and the use of scoring methods to identify risk and to verify identity. These activities may involve the use of electronic verification tools (such as, facial recognition technologies) and the collection of biometric data. It may also include the sharing of Personal Information with police, law enforcement, tax authorities or other government and fraud prevention agencies. We may use Personal Information to protect against cyber threats.
- For advertising and direct marketing
We use Personal Information for marketing and advertising purposes. For instance, we may use your Personal Information to keep you up to date concerning the products and services of AUS Group Companies and third parties that we think you might be interested in, to promote new products/services, or to ask about your experience with us. You can opt-out from the receipt of these communications at any time. Our marketing activities may include sending marketing communications directly to you through various channels (e.g., email and/or print mailings), as well as serving you with targeted advertisements online. We may market to customers of other AUS Group Companies, and we may assist other AUS Group Companies in marketing to our customers. For this purpose, we may share your mailing addresses and email address with other AUS Group Companies in countries such as the United Kingdom, the Netherlands, Singapore and Hong Kong.
- For monitoring and training purposes
We record all of our telephone calls for security and training purposes (e.g., to assess the quality of our customer services and to provide staff training).
- To enforce our rights and comply with legal or regulatory obligations
To defend and enforce our rights including, against legal claims that involve us or other AUS Group companies, and to manage regulatory matters, investigations, data breaches, and/or data subject requests (such as verifying your identity and taking steps to fulfill your data subject request). We will process your Personal Information as required to comply with laws, rules, regulations, and court orders.
- For transaction purposes
To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by us or any AUS Group company.
- For hiring purposes
If you apply for a job with AUS, we will use your Personal Information to evaluate your application and your fitness for a position.
- For other lawful purposes
We will use your Personal Information for other lawful purposes and for purposes that we may disclose to you at the time we collect a specific piece of Personal Information, including to provide products and services to you in accordance with contractual terms set forth in the Zyla Terms and Conditions and any supplements thereto.
5. Who do we share your Personal Information with?
The following chart describes the categories of Personal Information (including sensitive personal information) we collect, and the categories of third parties to whom we may disclose such information for a business purpose. Below the chart, we describe the types of entities included within each category of third party.
|Categories of Personal Information
|Categories of third parties with whom we may share Personal Information for a business purpose
|Personal identifiers: Name, address, date of birth, email address, telephone numbers, IP address or other unique identifier, documents to verify the information provided, and other similar information.
|Financial information: Beneficiary information, bank account details, source of funds, information to send a payment to an individual, documents required to verify any information provided or evidence of source of funds, and other similar information.
|Commercial/transaction information: The amount, currency, type of transaction, source of funds, exchange rate, recipient name and bank details.
|Biometric information: Facial recognition information for identity verification, authentication and anti-fraud purposes as described in Section 11 below.
|Internet or other electronic network activity information: Session, device, IP address, browser and search history, product engagement, and information regarding interaction with our Sites and our advertisements.
|Professional information: Information you submit as part of a job application, such as work history, qualifications, and whether you need a visa or require sponsorship.
|Audio or visual information: Recorded sessions of AUS user community participants, calls and correspondence, and other similar information.
|Inferences from the Personal Information identified above: Inferences made based on Personal Information provided to AUS.
Definitions of the categories of third parties:
- “AUS Group Companies”
AUS Group Companies refers to Affiliates of AUS. For purposes of this definition, “Affiliate(s)” mean, with respect to a person, any other person that directly or indirectly Controls, is Controlled by, or is under common Control with, that person, and—in turn—the terms, “Control” (including its correlative meanings, “Controlled by” and “under common Control with”), mean, with respect to a person, the possession, direct or indirect, of the power either: (a) to vote based upon a holding of 50% or more of the securities, shares, stock, equity interest or comparable ownership interest having voting power; (b) to elect 50% or more of directors of the board (or comparable positions in the case of persons without directors); or (c) to direct or cause the direction of the management and policies of such person by contract or otherwise.
These AUS Group Companies will access and process your Personal Information categories included in Section 2 to assist in the provision of services to you, in accordance with the Terms and Conditions and any supplements thereto, including to assist with compliance and anti-money laundering activities and for internal audit purposes. We may also share your mailing addresses and email address with AUS Group Companies for their marketing and cross-selling opportunities.
- “Banking Partners”
AUS uses various banking partners around the world to ensure your payment can get to where it needs to go as quickly as possible. When you transact with AUS, we will need to share your Personal Information with payment providers and banking partners, including those located outside of the United States, such as intermediary or beneficiary banks – e.g. if you ask us to make a USD payment to China – Hong Kong the funds may be cleared through an intermediary bank in the US before reaching China – Hong Kong.
For transparency, verification and legal requirements, we are required to include certain information on the payment which could include: Account Information, Beneficiary Information and your Identification Information.
In addition, where you use the services of a banking partner of ours, and/or a banking partner requests us to provide certain data about you according to your authorization, we may share your Personal Information with such banking partner to provide the relevant banking services to you.
- “Referral Partners”
We work with certain platforms that refer merchants and participants to the services and platforms provided by AUS. If one of our referral partners introduced you to AUS, we may provide them with your Personal Information described in Section 2 as necessary to fulfil our contractual obligations with the partner. We may also cooperate with referral partners to provide financial services to you. In order to provide such financial services that are suitable for you, we may share any Personal Information that is necessary to determine whether you are suitable for such services and, accordingly, your creditworthiness. This may include the conduct of soft searches and the use of scoring methods to identify risk and verify identity.
Additionally, we may share your contact details with a referral partner for marketing purposes if we are allowed to do so under applicable laws. This sharing may constitute a “sale” under applicable privacy laws.
- “Advertising Providers”
We may share Personal Information with companies that help us with our marketing efforts, including social media platforms, advertising networks, and ad tech companies. This allows us to serve interest-based advertisements that may be more relevant to you. Personal information received by our partners and other parties may also be subject to their privacy policies. This sharing may constitute a “sale” under applicable privacy laws.
- “Contractors, Professional Advisors and Service Providers”
We may share any Personal Information identified in Section 2 above with our contractors, professional advisers and third party service providers who assist us in the operation of our business. Examples include vendors that provide administrative support, customer support, telecommunications and email solutions, computing, remittance, background checks, web hosting, marketing and advertising services, audit and compliance, identity authentication, or other services to us in connection with the operation or maintenance of our products and services. We may also share your Personal Information with vendors to help detect and protect against fraud or data security vulnerabilities.
- “Other Parties”
If you are a seller on an e-commerce platform, we may share your Personal Information with those e-commerce platforms that are necessary to help detect and prevent fraud, money laundering, dealing in counterfeit goods and other criminal or abusive behaviour. We provide such information to allow such platforms to identify AUS accounts used by their sellers, and then, for these specific accounts, provide information about the account holder and its associated persons, payments out of the account, other accounts linked to that account, and indications of suspicious activity on the account.
- “Regulators and Law Enforcement”
We may share your Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. This may include all Personal Information identified in Section 2 above.
Additional ways in which we may share Personal Information
In addition to the categories of third parties described above, we may transfer your Personal Information to a third party in the event of an actual or contemplated sale, merger, financing, disposition, or reorganization of our corporate entity, or other similar restructuring. In such cases, all Personal Information categories included in Section 2 may be disclosed on a need-to-know basis depending on our business needs and the type of corporate transaction.
Also, we may share any of your Personal Information categories included in Section 2 with any person validly acting on your behalf, provided that you have given us the permission to do so.
6. Cookies and other tracking technologies
7. How long do we keep your Personal Information?
AUS will only retain your Personal Information (including your sensitive personal information) for as long as is reasonably necessary for the purpose for which the information was collected, or as legally required. We will not hold or process your Personal Information for any longer than we are legally permitted to. The criteria used to determine the appropriate retention period includes:
- Regulatory requirements AUS is subject to
- Whether a legal claim could be brought against AUS
- Necessity of information to provide our service to our customers
- The types of Personal Information being processed
- The legal basis for processing your information – e.g. consent
Information about connected parties and beneficiaries, which may not belong to an AUS client, are stored for a period to comply with applicable legal requirements.
8. What are your choices and your privacy rights?
You have certain choices about how we use your Personal Information, as described here:
- You can control cookies and tracking tools: If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your browser’s documentation instructions for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of the Site and our services may not function properly or as intended. Please note that you will need to make these selections for each device and each browser you use to access the Services.
- You can opt-out for of email marketing and certain other communications: You may manage your receipt of marketing communications by clicking on the “Unsubscribe” link located on the bottom of an applicable AUS marketing email and following the instructions found on any page to which the link may take you. Please note that you cannot opt out of receiving administrative, support, or transactional e-mails.
- You can control location tracking tools: To control the collection of your precise location on your device, you can adjust the settings on your device, such as by disabling location services. Please consult your browser’s instructions regarding how to turn off location services. If you disable location services, you may not be able to use the full array of features and functionalities available through our Sites or services.
In addition to the above choices, under applicable privacy laws you may also have the following privacy rights, depending on where you are located:
Access / Right to Know: You have the right to ask us for any or all of following regarding the Personal Information we have collected about you:
- A portable copy of the specific pieces of Personal Information we have collected about you;
- A list of categories of Personal Information we have collected about you;
- A list of categories of sources from which such Personal Information was collected;
- A list of categories of Personal Information that we sold or disclosed for a business purpose about you;
- A list of categories of third parties to whom the Personal Information was sold or disclosed for a business purpose;
- The business or commercial purpose for collecting and selling your Personal Information; and/or
- Information about the logic involved in any automated decision-making processes used by AUS (if applicable), as well as a description of the likely outcome of the process with respect to you.
Deletion: Upon your request, we will delete the Personal Information we have collected about you, except for situations where applicable law authorizes us to retain specific information, such as when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.
Do Not Sell My Personal Information or Share my Personal Information for Behavioral Advertising: You can request that we not sell your Personal Information or share your Personal Information for targeted advertising by clicking Do Not Sell or Share My Personal Information web form. Please note that if you would like to opt out of cookie-based tracking for advertising purposes, you will need to go to “MANAGE COOKIES” at https://zyla.com/disclaimer-policies/cookie-policy/ to update your cookie preferences Your selections are specific to the device, website and browser you are using. Your selections are deleted whenever you clear your cookies or browser’s cache. You may also opt out of cookie-based sales and sharing (for cross-context behavioral advertising) of your Personal Information by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC), from your web browser or browser extension. Only certain web browsers currently support such a signal. To find and download a browser that supports the GPC browser signal, visit https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to enable it for each browser and on each device you use to visit the Sites.
Correct or Update my Personal Information: You have the right to request that AUS correct, update, or modify the Personal Information we maintain about you, so that your records are accurate and current.
Limit the Use of my Sensitive Personal Information: In relation to the sensitive personal information identified in Section 2 above, we only use and share such information for the reasonable and proportionate purposes specified under applicable privacy laws (such as protecting against illegal or fraudulent activity and conducting KYC/AML checks).
Opt-out of Automated Decision-Making: You have the right to request to opt-out of any profiling or automated decision-making by AUS in furtherance of decisions that produce legal or similarly significant effects concerning you.
How to exercise your rights, and how we will respond
If you would like to exercise any of the above rights, please contact our Privacy Office at +1 855-797-3366 or submit a request via email at email@example.com, and we will respond to your request. However, please note that the above rights are not absolute and may be subject to limitations.
Verification of your identity
Depending on the nature of your request, we will ask you for identifying information and attempt to match it to information that we maintain about you in order to verify your identity. Not all of the above request types will be subject to verification. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.
You may designate an agent to submit requests on your behalf. When submitting a request through the methods described above, the agent must identify itself as your authorized agent. Depending on the type of request being submitted, we may request additional verification to confirm you have authorized the agent to act on your behalf.
Requests for household information
There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. To the extent we collect household information and requests are made pertaining specifically to such information, before responding to a request, we will verify the identity of each member of the household using the verification criteria explained above and will also verify that each household member is currently a member of the household.
California Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents that have an established business relationship with a business to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for those parties’ direct marketing purposes in the preceding calendar year. For information and to make a request, please contact us at firstname.lastname@example.org or by writing to us at 525 Almanor Ave Ste 400, Sunnyvale, CA 94085. Please indicate “Shine the Light Request” in your communication.
Do Not Track
Our Sites respond to opt-out preference signals as described further above in this Section 8.
9. Personal Information of minors
Our products and services are not directed to minors under the age of 13, and we do not have actual knowledge that we collect Personal Information from such minors. We do not have actual knowledge that we sell the Personal Information of any minor under the age of 16.
We store all data electronically and physically in a manner aimed at securing and protecting the data’s confidentiality, integrity and availability. Those measures include administrative, physical and technical safeguards designed to protect the security, confidentiality and integrity of Personal Information. If you provide paper-based documentation for the purpose of identity verification these will be stored electronically, and the original will be destroyed securely or returned to you.
However, transmission of data on the internet can never be completely secure due to a variety of factors that cannot always be prevented or controlled. Despite our reasonable efforts, we do not and cannot guarantee the security of any information collected, stored, or transmitted.
11. Biometric Data Policy
As used herein, “Biometric Identifier” means a retina or iris scan, fingerprint, voiceprint, scan of hand or face geometry, or other unique biological patterns used to identify a specific person; “Biometric Information” means any information based on a person’s Biometric Identifier and used to identify that person.
Use and Sharing of Biometric Identifiers
We may from time to time request your consent to collect, use, and share your Biometric Identifier(s) and/or Biometric Information. We may process Biometric Identifiers and Biometric Information for any lawful purpose that we describe to you at the time we request your consent, such as for anti-fraud and identity verification purposes to ensure that the person registering an account is the same person pictured on the relevant government identification.
We will not share or disclose your Biometric Identifiers or Biometric Information without first obtaining your prior consent in accordance with applicable laws.
Retention Policy and Guidelines for Destroying Biometric Identifiers and Biometric Information
We will only retain Biometric Identifiers and Biometric Information until the initial purpose for collecting or obtaining such information has been satisfied, or for three (3) years following your last interaction with us, whichever occurs first. When the retention limit has been reached, we will permanently destroy all copies of your Biometric Identifiers and Biometric Information in our possession, whether in electronic or hard copy format, and we will require our vendors, service providers, and other authorized recipients to do likewise. The exception to this is where we are required by applicable law, court order, or law enforcement request to retain your Biometric Identifiers and Biometric Information for a longer period of time.
Notwithstanding the foregoing general rules, we may specify a shorter retention period and more restrictive destruction guidelines when we request your consent to collect, use, and disclose your Biometric Identifiers and Biometric Information. If we do, such shorter period and more restrictive guidelines will govern in that specific instance.
You may request that we delete your Biometric Identifiers and Biometric Information by contacting us at email@example.com. Please note that any deletion request will be subject to our legal obligations to retain such information, and if we delete your information before its purpose has been fulfilled we may no longer be able to provide our services to you.
12. External links
Our Sites may contain links to other third-party websites, which may have privacy policies/statements that differ from our own. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policies/statements posted on any website that you may access through our Sites.
13. Contact us
If you would like to get in contact with us, please contact our Privacy Office by sending an email to firstname.lastname@example.org or by writing to us at 525 Almanor Ave Ste 100, Sunnyvale, CA 94085.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.