While information is the cornerstone of our ability to provide superior service, our most important asset is the trust of our customers and constituents. At i2c Inc., including our subsidiaries, i2c Processing Inc. and i2c Services Inc. (i2c), we consider it a top priority to keep the personal information entrusted to us secure, use it only as the subject individuals would want us to, and honor each individual’s right to access and update their personal information at any time.
We commit to the following as our policy to each of our customers and constituents:
- We will safeguard the personal information shared with us in accordance with strict standards of security and confidentiality.
- administering payment services, advising customers and constituents about our products, services and other opportunities, and to administer our business, which may include implementing and operating web sites; facilitating sales and marketing campaigns including loyalty programs; screening and verifying the identity of persons applying for payment cards and electronic payment accounts which may also be a legal/regulatory requirement; approving and issuing such payment cards and accounts; processing payment authorizations and payment transactions; providing customer service and support; monitoring, detecting and preventing fraud; providing compliance services; providing compliance and security assurance reports under various regulatory regimes including PCI DSS, ISO27001:2013, SSAE18 SOC1/2 Type II; and other related services.
- We will retain each individual’s personal information for only as long as needed to fulfill the intended purpose for which it was collected, or as may be required by law.
- We will make access mechanisms available that will allow each individual to change their personal information at any time, and make other choices about the use and disclosure of their personal information. Such access and changes may be made through our online portal or through our Customer Service Center by means of telephone, fax, letter, email, mobile texting and other forms of communication.
- We will not reveal personal information to a third party unless we have previously informed the subject individual in advance through disclosures and agreements, have received the individual’s consent, or are required to by law. Examples of third parties we reveal and share personal information with include the issuers of payment cards and digital payment accounts, payment services providers, legal and regulatory authorities and identity verification service bureaus. Individuals agree at the time of service enrollment to allow their personal information to be shared with these third-party organizations. If an individual decides after enrollment to further restrict the use or disclosure of their personal information, this may result in the limitation or discontinuance of certain services we provide to that individual.
- We will provide timely notice to individuals of the type of personal information we collect, how we use it, and the types of third party organizations we may share it with.
- We will continually maintain proper safeguarding of the personal information in our care, to protect the privacy of each individual.
- We will require any other organization with whom we share personal information to have at least the same strict level of security and confidentiality as we do, and require that they allow us to verify their compliance as may be needed.
- We will continually assess ourselves to ensure that each individual’s privacy is being respected. We will conduct our business in a manner that fulfills our Policy in the many regions of the world we do business.
The Privacy Shield Frameworks include the following seven Privacy Shield Principles embraced by i2c:
- Accountability of Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement and Liability
and the following sixteen Privacy Shield Supplemental Principles (as applicable):
- Sensitive Data
- Journalistic Exceptions
- Secondary Liability
- Performing Due Diligence and Conducting Audits
- The Role of the Data Protection Authorities
- Human Resources Data
- Obligatory Contracts for Onward Transfers
- Dispute Resolution and Enforcement
- Choice – Timing of Opt-Out
- Travel Information
- Pharmaceutical and Medical Products
- Public Record and Publicly Available Information
- Access Requests by Public Authorities
In cases of Accountability of Onward Transfer, i2c retains responsibility for the personal information we receive and subsequently transfer to a third party that is acting as an agent on our behalf.
Judicial Arbitration and Mediation Services Inc. (JAMS).
The services of JAMS are provided to you at no cost. If you do not receive a timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may, under certain conditions, invoke binding arbitration via i2c’s Alternative Dispute Resolution Provider, JAMS. Should you wish to pursue this option, you may visit the following JAMS webpage for more information or to file a complaint:
If an issue remains unresolved after pursuing the above mechanisms for resolving complaints regarding i2c’s compliance with the Privacy Shield Frameworks, you may, under certain conditions, raise the issue with your Data Protection Authority, and at no cost to you, invoke binding arbitration with the U.S. Department of Commerce. Should you wish to pursue this option, you may visit the following Annex I webpage for more information:
i2c is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC) and the US Department of Transportation. i2c may be required to disclose an individual’s Personal Information in response to a lawful request issued by a public authority, including a US national security agency, a local/regional law enforcement agency, and/or a court of law.
We self-certify compliance with www.privacyshield.gov.