While information is the cornerstone of our ability to provide superior service, our most important asset is the trust of our customers and consumers. At i2c Inc., including our subsidiaries, i2c Processing Inc. and i2c Services Inc. (i2c), we consider it a top priority to keep the personal information entrusted to us secure, use it only as the subject individuals would want us to, and honor each individual’s right to access and update their personal information at any time.
We commit to the following as our policy to each of our customers and consumers:
- We will safeguard the personal information shared with us in accordance with strict standards of security and confidentiality.
- We will limit the collection and use of personal information to only what is necessary to deliver superior service to our customers. Such personal information may be used for the purposes of administering payment services, advising customers and consumers about our products, services and other opportunities, and to administer our business, which may include implementing and operating web sites; facilitating sales and marketing campaigns including loyalty programs; screening and verifying the identity of persons applying for payment cards and electronic payment accounts which may also be a legal/regulatory requirement; approving and issuing such payment cards and accounts; processing payment authorizations and payment transactions; providing customer service and support; monitoring, detecting and preventing fraud; providing compliance services; providing compliance and security assurance reports under various regulatory regimes including PCI DSS, PCI 3DS, ISO 27001, ISO 22301, ISO 27701, ISO 18295, SSAE18 SOC1/2 Type II; and other related services.
- We will retain each individual’s personal information for only as long as needed to fulfill the intended purpose for which it was collected, or as may be required by law.
- We will make access mechanisms available that will allow each individual to change their personal information at any time, and make other choices about the use and disclosure of their personal information. Such access and changes may be made through our online portal or through our Customer Service Center by means of telephone, fax, letter, email, etc.
- We will not reveal personal information to a third party unless we have previously informed the subject individual in advance through disclosures and agreements, have received the individual’s consent, or are required to by law. Examples of third parties we reveal and share personal information with include the issuers of payment cards and digital payment accounts, payment services providers, legal and regulatory authorities and identity verification service bureaus. Individuals agree, at the time they apply for enrollment in the payment program, to allow i2c to share their personal information with these third-party organizations. If an individual decides after enrollment to further restrict the use or disclosure of their personal information, this may result in the limitation or discontinuance of certain services we provide to that individual.
- We will provide timely notice to individuals of the type of personal information we collect, how we use it, and the types of third-party organizations we may share it with.
- We will continually maintain proper safeguarding of the personal information in our care, to protect the privacy of each individual.
- We will require authorized third-party organizations with whom we share personal information to have at least the same strict level of security and confidentiality as we do, and require that they allow us to verify their compliance with these security and confidentiality controls.
The Data Privacy Framework includes the following seven Data Privacy Framework Principles embraced by i2c (also includes sixteen Data Privacy Framework Supplemental Principles as applicable):
- Accountability of Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement and Liability
In cases of Accountability of Onward Transfer, i2c retains responsibility for the subsequent transfer of personal information (other than HR data) to an authorized third party.
i2c commits to resolving complaints about the collection or use of personal information, in accordance with the DPF.
Judicial Arbitration and Mediation Services Inc. (JAMS).
The services of JAMS are provided to you at no cost. If you do not receive a timely acknowledgment from us of your complaint, or if we have not addressed your complaint to your satisfaction, you may, under certain conditions, invoke binding arbitration via i2c’s Alternative Dispute Resolution Provider, JAMS. Should you wish to pursue this option, you may visit the following JAMS webpage for more information or to file a complaint:https://www.jamsadr.com/dpf-dispute-resolution
If an issue remains unresolved after pursuing the above mechanisms for resolving complaints regarding i2c’s compliance with the DPF, you may, under certain conditions, raise the issue with your Data Protection Authority, and at no cost to you, invoke binding arbitration with the U.S. Department of Commerce. Should you wish to pursue this option, you may visit the following Annex I webpage for more information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
i2c is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). i2c may be required to disclose an individual’s personal information in response to a lawful request issued by a public authority, including a US national security agency, a local/regional law enforcement agency, and/or a court of law.
We self-certify compliance with the Data Privacy Framework at: https://www.dataprivacyframework.gov.
In accordance with the California Consumer Privacy Act, and the California Privacy Rights Act (CCPA/CPRA):
i2c acknowledges that California customers/consumers have the right to have their personal information deleted. To exercise this right, contact our Customer Service Center using the contact number provided to you at the time your payment account was issued. Note, some personal information may be subject to Federal laws that require it be retained for a certain period before it may be deleted.
California customers/consumers have the right to access/change their personal information. To exercise this right, login to your online portal account, or contact our Customer Service Center using the contact number provided to you at the time your payment account was issued.
California customers/consumers have the right to be given information about the collection, sale and disclosure of their personal information to other third parties. To exercise this right, contact our Customer Service Center using the contact number provided to you at the time your payment account was issued or by using the contact means available to you in your online portal account.
California customers/consumers have the right to opt-out of the sale of their personal information. i2c does not sell customer/consumer personal information.
California customers/consumers have the right not to be discriminated against for exercising any rights under the CCPA/CPRA (for example denial of service, increase of fees or decrease of service quality). i2c does not discriminate against customers/consumers who exercise their rights under the CCPA/CPRA.
i2c has collected the following categories of personal information from customers/consumers within the past 12 months:
- Personal identity information
- Financial accounts information
- Other information as may be required by law (GLBA, BSA, OFAC, USA PATRIOT Act, etc.)
i2c does not sell the personal information of customers/consumers, and we have not done so within the past 12 months.
i2c does not disclose the personal information of customers/consumers to any third parties (other than those expressly permitted by you the customer/consumer or by law), and we have not done so within the past 12 months.