Protecting privacyBuilding trust

We commit to the following as our policy to each of our customers and consumers:

• We will safeguard the personal information shared with us in accordance with strict standards of security and confidentiality.
• We will limit the collection and use of personal information to only what is necessary to deliver superior service to our customers. Such personal information may be used for the purposes of administering payment services, advising customers and consumers about our products, services and other opportunities, and to administer our business, which may include implementing and operating web sites; facilitating sales and marketing campaigns including loyalty programs; screening and verifying the identity of persons applying for payment cards and electronic payment accounts which may also be a legal/regulatory requirement; approving and issuing such payment cards and accounts; processing payment authorizations and payment transactions; providing customer service and support; monitoring, detecting and preventing fraud; providing compliance services; providing compliance and security assurance reports under various regulatory regimes including PCI DSS, PCI 3DS, ISO 27001, ISO 22301, ISO 27701, ISO 18295, SSAE18 SOC1/2 Type II; and other related services.
• We will retain each individual’s personal information for only as long as needed to fulfill the intended purpose for which it was collected, or as may be required by law.
• We will make access mechanisms available that will allow each individual to change their personal information at any time, and make other choices about the use and disclosure of their personal information. Such access and changes may be made through our online portal or through our Customer Service Center by means of telephone, fax, letter, email, etc.
• We will not reveal personal information to a third party unless we have previously informed the subject individual in advance through disclosures and agreements, have received the individual’s consent, or are required to by law. Examples of third parties we reveal and share personal information with include the issuers of payment cards and digital payment accounts, payment services providers, legal and regulatory authorities and identity verification service bureaus. Individuals agree, at the time they apply for enrollment in the payment program, to allow i2c to share their personal information with these third-party organizations. If an individual decides after enrollment to further restrict the use or disclosure of their personal information, this may result in the limitation or discontinuance of certain services we provide to that individual.
• We will provide timely notice to individuals of the type of personal information we collect, how we use it, and the types of third-party organizations we may share it with.
• We will continually maintain proper safeguarding of the personal information in our care, to protect the privacy of each individual
• We will require authorized third-party organizations with whom we share personal information to have at least the same strict level of security and confidentiality as we do, and require that they allow us to verify their compliance with these security and confidentiality controls.
• We will continually assess ourselves to ensure that each individual’s privacy rights are being respected. We will conduct our business in a manner that fulfills our Privacy Policy objectives in every region of the world we do business.

In accordance with the Data Privacy Framework Program

i2c complies with the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, and the UK-US Data Bridge or Extension to EU-US Data Privacy Framework (DPF) as set forth by the U.S. Department of Commerce International Trade Administration, regarding the collection, use, and retention of an individual’s personal information (other than HR data) that is transferred from the European Union, the United Kingdom and/or Switzerland to the United States in reliance on the DPF. i2c has certified to the Department of Commerce ITA that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov

The Data Privacy Framework includes the following seven Data Privacy Framework Principles embraced by i2c (also includes sixteen Data Privacy Framework Supplemental Principles as applicable):

• Notice
• Choice
• Accountability of Onward Transfer
• Security
• Data Integrity and Purpose Limitation
• Access
• Recourse, Enforcement and Liability

In cases of Accountability of Onward Transfer, i2c retains responsibility for the subsequent transfer of personal information (other than HR data) to an authorized third party.

To the extent permitted by applicable laws and regulations, individuals have the right to access their personal information and limit its use and disclosure, or have it deleted. To exercise your right to access your personal information and limit its use or disclosure, or have it deleted, please contact i2c’s Customer Service Contact Center using the contact number provided to you when your account was created or by using the contact information found in the online portal for your account.

In compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, i2c commits to resolve DPF Principles-related complaints about its collection and use of your personal information. EU,UK and Swiss individuals with inquiries or complaints regarding i2c’s handling of personal data received in reliance on EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact

i2c at:
Name: Terry Ryan
Email: i2c.industryrelations@i2cinc.com