While information is the cornerstone of our ability to provide superior service, our most important asset is the trust of our customers and constituents. At i2c Inc. (i2c), our top priority is to keep the Personal Information entrusted to us secure, use it only as individuals would want us to, and honor each individual’s right to access and update their Personal Information at any time.
We commit to the following as our policy to each of our customers and constituents:
- We will safeguard the Personal Information shared with us in accordance with strict standards of security and confidentiality.
- We will limit the collection and use of Personal Information to only what is necessary to deliver superior service to our customers and constituents. Such Personal Information may be used for the purposes of:
administering payment services, advising customers and constituents about our products, services and other opportunities, and to administer our business, which may include implementing and operating web sites; facilitating sales and marketing campaigns including loyalty programs; screening and verifying the identity of persons applying for payment cards and electronic payment accounts which may also be a legal/regulatory requirement; approving and issuing such payment cards and accounts; processing payment authorizations and payment transactions; providing customer service and support; monitoring, detecting and preventing fraud; providing compliance services; providing compliance and security assurance reports under various regulatory regimes including PCI DSS, ISO27001:2013, SSAE16/ISAE3402 SOC1/2 Type II; and other related services.
- We will retain each individual’s Personal Information for only as long as needed to fulfill the intended purpose for which it was collected, or as may be required by law.
- We will make access mechanisms available that will allow each individual to change their Personal Information at any time, and make other choices about the use and disclosure of their Personal Information. Such access and changes may be made through our online portal or through our Customer Service Center by means of telephone, fax, letter, email, mobile texting and other forms of communication.
- We will not reveal Personal Information to a third party unless we have previously informed the subject individual in advance through disclosures and agreements, have received the individual’s consent, or are required to by law. Examples of third parties we reveal and share Personal Information include payment card and payment account issuers, payment service providers, legal and regulatory authorities and identity verification service bureaus. Individuals agree at the time of service enrollment to allow their Personal Information to be shared with these third-party organizations. If an individual decides after enrollment to further restrict the use or disclosure of their Personal Information, this may result in the limitation or discontinuance of certain services we provide to that individual.
- We will provide timely notice to individuals of the type of Personal Information we collect, how we use it, and the types of third party organizations we may share it with.
- We will continually maintain proper safeguarding of the Personal Information in our care, to protect the privacy of each individual.
- We will require any other organization with whom we share Personal Information to have at least the same strict level of security and confidentiality as we do, and require that they allow us to verify their compliance as may be needed.
- We will continually assess ourselves to ensure that each individual’s privacy is being respected. We will conduct our business in a manner that fulfills our Policy in the many regions of the world we do business.
i2c maintains compliance with the US Department of Commerce’s International Trade Administration (ITA) EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, regarding the collection, use and retention of Personal Information transferred from European Union member countries and Switzerland to the United States respectively.
The ITA Privacy Shield Frameworks include the following seven Privacy Shield Principles embraced by i2c:
- Accountability of Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement and Liability
and the following sixteen Privacy Shield Supplemental Principles (as applicable):
- Sensitive Data
- Journalistic Exceptions
- Secondary Liability
- Performing Due Diligence and Conducting Audits
- The Role of the Data Protection Authorities
- Human Resources Data
- Obligatory Contracts for Onward Transfers
- Dispute Resolution and Enforcement
- Choice – Timing of Opt-Out
- Travel Information
- Pharmaceutical and Medical Products
- Public Record and Publicly Available Information
- Access Requests by Public Authorities
In cases of Accountability of Onward Transfer, i2c retains responsibility for the Personal Information we receive and subsequently transfer to a third party that is acting as an agent on our behalf.
Judicial Arbitration and Mediation Services Inc. (JAMS).
The services of JAMS are provided to you at no cost. If you do not receive a timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may, under certain conditions, invoke binding arbitration via i2c’s Alternative Dispute Resolution Provider, JAMS. Should you wish to pursue this option, you may visit the following JAMS webpage for more information or to file a complaint:
If an issue remains unresolved after pursuing the above mechanisms for resolving complaints regarding i2c’s compliance with the ITA Privacy Shield Frameworks, you may, under certain conditions, raise the issue with your Data Protection Authority, and at no cost to you, invoke binding arbitration with the US Department of Commerce’s ITA. Should you wish to pursue this option, you may visit the following Annex I webpage for more information:
i2c is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC) and the US Department of Transportation. i2c may be required to disclose an individual’s Personal Information in response to a lawful request issued by a public authority, including a US national security agency, a local/regional law enforcement agency, and/or a court of law.
We self-certify compliance with www.privacyshield.gov.