AMBERPAY’S DATA PROTECTION AND PRIVACY POLICY

By using the Amber Pay product and services you agree and consent to this Data Protection and Privacy Policy.


1. Personal Information We May Collect

2. “Personal Information” means any information relating to an identified or identifiable individual.

3. We may collect the following categories of Personal Information:

3.1. Transaction information, such as personal account number, the merchant’s name and location, the date and the total amount of the transaction, and other information provided by financial institutions or merchants when we act on their behalf.

3.2. Product and service information, such as registration and payment information, and program-specific information, when you request products or services directly from us, or participate in marketing programs.

3.3. Website, device and mobile app usage, and similar information collected via automated means, such as cookies and similar technologies.

3.4. Job applications and related information when you apply for a job with us.

3.5. Business contact information when you work for one of our business partners.

Personal Information We Receive from Financial Institutions, Merchants, and Other Partners in Connection with Amberpay’s Products or Services

4. As a processor of payment transactions and provider of related services, we obtain a limited amount of information in connection with your payment transactions such as the personal account number, the merchant’s name and location, the date and the total amount of the transaction.

5. In addition, for certain products and services, your financial institutions, the merchants where you make a transaction or other partners may provide us with more information about you, or we may collect it directly from you to provide you with those products and services on their behalf, support their business or perform processing activities on their behalf.

6. In the above situations, we act on behalf of and under the instructions of financial institutions, merchants and other partners which act as data controllers. Unless otherwise authorized by law, we will process your Personal Information to process payment transactions or for the purposes agreed between Amber Pay and the financial institutions, merchants and other partners. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information.

7. Personal Information We Collect when Providing Amberpay’s Products and Services Directly to You

8. Amber Pay may provide you directly with products and services such as marketing programs, rewards programs, and biometric authentication tools. To benefit from one or more of these products and services, you can submit information to us directly via various means including: (i) on our websites, (ii) in response to marketing or other communications, (iii) by signing up for an Amber Pay product or service, or (iv) through your participation in an offer, program or promotion. We may also obtain Personal Information about you through your use of our products or services, from companies that use or facilitate our products or services, from publicly available sources, or from third party partners. Your Personal Information may also be passed on to us by your financial institution, merchant or other business partners.

9. Below is an overview of the types of Personal Information we may collect in relation to programs we offer directly to you.

10. Registration and payment information: We may collect identifiers and your contact information (such as name, email address, phone number, billing or shipping address), authentication information (e.g., username and password), age, date of birth, gender and family status, language preferences, payment details, personal account number, commercial information, such as merchant’s name and location, date and total amount of the transactions, card expiration date and card verification code.

11. Information we process to provide you with the program: We may collect different types of Personal Information depending on the program. For example, programs designed to offer you location-based services will typically require the collection of your address or geolocation data. Programs within our payment solutions may require the collection of your financial account information. Similarly, programs designed to allow you to authenticate, for example via facial or fingerprint recognition, may require the processing of your photograph and/or biometric information. All these programs are voluntary, and your Personal Information is only collected if you subscribe to such programs.

12. Other information you choose to provide: You may choose to provide other information, such as different types of content (e.g., photographs, articles, comments), contact information of friends or other people you would like us to contact, content you make available through social media accounts or memberships with third parties, or any other information you want to share with us, for example when you contact customer service.

13. In addition, we may collect or use Personal Information for fraud prevention and monitoring, risk management, dispute resolution and other related purposes. Such information may include identifiers, commercial information, and Internet or other electronic network activity information, such as the personal account number, merchant’s name and location, date and total amount of the transactions, IP address, credit information, location data, merchant details, items purchased and information about the dispute.

Personal Information We Obtain from Your Interaction with Amber Pay’s Ads, Websites, Apps or Other Digital Assets

14. We, our service providers and partners may collect certain information about you via automated means such as Internet or other electronic network activity information, cookies, and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets. The information we collect in this manner may include: IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited.

15. We use this information to improve our online products and services by assessing how many users access or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on our websites and mobile apps. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites and apps.

16. We, our service providers and partners may also collect information about you in connection with our marketing activities, including offers and promotions. The information collected for these purposes may include identifiers and your contact information (e.g., name, postal address, email address, phone number), electronic identification data (e.g., username, password, security questions, IP address), and data collected in the context of online marketing programs, including commercial information, Internet or other electronic network activity information, geolocation data, and inferences drawn from Personal Information (e.g., personal characteristics, life habits, consumption habits, interests, location data, and voice and image recordings).

17. We, our service providers and partners may also collect information about you to provide you with content and advertising tailored to your individual interests based on inferences drawn from Personal Information. The information collected for these purposes may include Internet or other electronic network activity information, such as details about things like the particular pages or ads you view on our websites and apps and the actions you take on our websites and apps.

18. We, our service providers and partners may collect certain information about you via automated means such as social media tools, widgets or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link or post directly to your social media account. When you visit a website that contains such tools or plug-ins, the social media or other service provider may learn of your visit. However, your interactions with these tools are governed by the privacy policies of the corresponding social media platforms. As we do not control these third parties’ data handling practices, we recommend that you review their privacy policies, terms of use, and license agreements (if any).

19. In addition, some of our online products and services include advanced fraud prevention technology using behavioral-based data or biometric information, such as keystroke timing, device accelerometer, scroll position and mouse-location.

20. Applicable law means the Data Protection Act of Jamaica and any regulations made thereunder.

21. Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertising.

Personal Information We Collect in the Context of Our Business Relationship with Financial Institution, Merchant or other Entity Partnering with Amber Pay

22. We may collect Personal Information from individuals working for one of our business partners (including financial institutions, merchants, customers, suppliers, vendors and other partners), including identifiers, name, job title, department and name of organization, business email and postal addresses, business telephone number, queries, answers to security questions, security passwords and other credentials. We may use this information to provide products and services directly to financial institutions, corporate clients, merchants, customers and partners, to manage our business relationships and financial reporting, for transparency and integrity, to protect us from financial crime, to improve our service, for marketing and to comply with applicable law, as well as for accounting, auditing and billing purposes.

How We May Use Your Personal Information

23. We May Use Your Personal Information to:

23.1. Process your payment transactions.

23.2. Protect against and prevent fraud, and other legal or information security risks.

23.3. Provide our Open Banking solutions.

23.4. Provide and communicate with you about products and services offered by Amberpay, financial institutions, merchants and partners.

23.5. Provide you with personalized services and recommendations.

23.6. Operate, evaluate and improve our business, including anonymization and analytics.

23.7. Process your job application.

23.8. Serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by law.

23.9. Generate anonymized and aggregated data to prepare insights to advise Amberpay’s customers and partners regarding spending patterns, fraud and other trends.

23.10. Learn more about you, including your preferences or other characteristics. We treat these inferences as Personal Information where required under applicable law.

24. Where required under applicable law, we will only use your Personal Information with your consent; as necessary to provide you with products and services; to comply with a legal obligation; or when there is a legitimate and overriding interest that necessitates the use.

25. We may use Personal Information we obtain about you for the purposes set out below. Depending on the country in which you are located, we will only process your Personal Information when we have a legal basis for the processing.

Processing activity

26. Legal Basis for Processing (where required under applicable law):

26.1. Process your payment transactions (including authorization, clearing, chargebacks and other related dispute resolution activities).

26.2. In most cases, we process your payment transactions as a processor on behalf of your financial institutions, merchants and other partners which act as data controllers. When we act as a processor, controllers are responsible for ensuring a legal basis for the processing of your Personal Information.

27. In some limited cases (e.g., chargebacks), we may process your payment transactions as a data controller, provided that:

27.1. You consented to the use of your Personal Information; or

27.2. The processing is necessary for entering into, or performance of a contract to which you are party; or

27.3. The processing is necessary for compliance with a legal obligation or other regulatory obligations.

27.4. Protect against and prevent fraud and cyber threats, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality with respect to the integrity and security of our payments network.

28. When we process Personal Information for fraud and cyber threat prevention, we may act as a controller or as a processor.

29. When we act as a controller, we rely on one of the following legal grounds:

29.1. You consented to the use of your Personal Information; or

29.2. The processing is necessary for compliance with a legal obligation or other regulatory obligations; or

29.3. The processing is necessary for entering into, or performance of a contract to which you are party; or

29.4. We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud, securing our network and the payment transactions that we process.

29.5. We, or a third party, have a legitimate interest in using your Personal Information for such purpose (e.g., detecting fraud risks or resolving disputes).

29.6. In some cases, we provide our Open Banking solutions as a processor on behalf of your service provider, merchants and other partners which act as data controllers. When we act as a processor, controllers are responsible for ensuring a legal basis for the processing of your Personal Information. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information in these contexts.

How We Share Your Personal Information

30. We May Share Personal Information with:

30.1. Amber Pay’s affiliates and other entities within Amber Pay’s group of companies.

30.2. Service providers acting on our behalf.

30.3. Other participants in the payment ecosystem, including financial institutions, and merchants.

30.4. Other participants in the Open Banking ecosystem, including financial institutions, merchants and third parties.

30.5. Third parties for fraud monitoring and prevention purposes, or other purposes required by law.

30.6. Third parties whose features you use in connection with our products and services or with your consent.

30.7. Other entities as required under applicable law or in the event of a sale or transfer of our business or assets.

31. We do not disclose Personal Information we collect about you, except as described in this Data Protection and Privacy Policy, as disclosed to you at the time of data collection or as described in our program specific privacy notice. Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules.

32. We may also share your Personal Information:

32.1. With financial institutions and other entities that issue payment cards or merchants to process payment transactions and perform other activities that you request.

32.2. With entities that partner with Amber Pay or assist Amber Pay in providing its products and services, for fraud prevention and monitoring and third party identification services, to ensure the security of transactions and our payment processing system.

32.3. With other participants in the Open Banking ecosystem, including financial institutions, merchants and other entities of your choice (e.g., your investment advisors).

32.4. When we act as a service provider for third parties and provide them with Personal Information that we process on their behalf.

32.5. With our service providers who perform services on our behalf for the purposes described in this Data Protection and Privacy Policy (or in the applicable program specific privacy notice). We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Information.

32.6. With third parties whose features (e.g., third-party cookies, widgets, plug-ins) are integrated in our products and services.

32.7. With social media networks when you directly engage with those platforms; with other third parties with your consent.

32.8. As required under applicable law or legal process, or to respond to requests from law enforcement or governmental agencies.

32.9. When we believe disclosure is necessary to protect individuals’ vital interests, to enforce our Terms of Use, to protect Amber Pay against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

32.10. In the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with our Data Protection and Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information.

Your Rights and Choices

33. Depending on your country, you may have the right or choice to:

33.1. Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymization of your Personal Information for data analyses.

33.2. Access your Personal Information, obtain a copy of it, rectify it, restrict or object to its processing, or request its deletion, destruction or anonymization.

33.3. Receive the Personal Information you provided to us to transmit it to another company.

33.4. Withdraw any consent provided.

33.5. Where applicable, lodge a complaint with your relevant supervisory authority or regulator.

33.6. You, or a party authorized to act on your behalf, can exercise your rights by sending an email to Us as provided in the “How to Contact Us” section below.

33.7. You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.

34. Please note that in order to use Amber Pay product and services you agree to supply the required personal information that we request from You.

35. You can choose:

35.1. Not to provide Personal Information to Amber Pay by refraining from conducting payment transactions or from submitting Personal Information directly to us. When we collect Personal Information from you, we indicate whether and why it is necessary to provide it to us, as well as the consequences of failing to do so. If you do not provide Personal Information, you may not be able to benefit from the full range of Amber Pay products and services, and we may not be able to provide you with the Amber Pay products or services if that information is necessary to provide you with them, or if we are legally required to collect it in relation to the provision of such product or service.

35.2. To opt out of the collection and use of certain information, which we collect about you by automated means, when you visit our websites or use our apps. You can exercise your choice regarding the use of cookies and similar technologies by clicking on the ‘Manage cookies’ banner displayed in the bottom right corner of Amber Pay websites. Your browser may tell you how to be notified of and opt out of having certain types of cookies placed on your device. Note that without certain cookies you may not be able to use all of the features of our websites, apps or online services. The aforementioned options may be restricted in certain jurisdictions.

35.3. To opt out of certain uses of information, which we collect about you by automated means, when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customized and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customize and serve these ads. Amber Pay ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Please click, where applicable, on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes. You may also exercise your choice regarding the use of cookies and similar technologies by clicking on the ‘Manage cookies’ banner displayed in the bottom right corner of our websites.

35.4. You can tell us not to send you marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below. You also may opt out of receiving marketing emails from Amber Pay. You can also contact Us at the email below to opt out of receiving marketing emails.

36. To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How To Contact Us" section below.

37. If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

Data Transfers

38. Amber Pay is a global business. We may transfer the Personal Information we collect about you to recipients in countries other than Jamaica, including the United States. Some countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will protect that information.

39. We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located.

41. Depending on your country, you may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of your jurisdiction.

How We Protect Your Personal Information

42. We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.

43. The security of your Personal Information is important to Amber Pay. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information.

44. We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

Features and Links to Other Websites

45. Our websites may include links to other third-party websites, social media tools, widgets or plug-ins, permitting sharing web content including IP address, with third parties and social media providers. These social media providers may learn of your visit even if you are not logged in to your social media account or if you do not have an account with them. To the extent any linked websites or features you visit or use are not owned or controlled by Amber Pay, we suggest that you review their own privacy notices or policies.

46. Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking and geo-location tools, operate independently from Amberpay, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by Amber Pay, we suggest that you review the privacy practices of the websites.

47. Amber Pay offers you the possibility to share, link to, or mention things on social media about Amber Pay’s products and services. For example, you may “like” an offer via your Facebook account, or “tweet” an offer using Twitter. When you visit a website with a social media button, your browser establishes a direct connection to that social media provider, and data concerning your visit, including IP address, is transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account.

48. You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Amber Pay. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Facebook and Twitter, and these other third parties, are independent from Amber Pay and do not necessarily share the same policy as Amber Pay regarding the protection of privacy. Please review their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features.

Children’s Privacy

49. Amber Pay’s products and services are not directed to, or intended for, children under the age of 18.

Updates to This Data Protection and Privacy Policy

50. This Data Protection and Privacy Policy may be updated periodically to reflect changes in our privacy practices.

51. This Data Protection and Privacy Policy may be updated periodically to reflect changes in our Personal Information practices. We will post a prominent notice on relevant websites to notify you of any significant or material changes to our Data Protection and Privacy Policy and indicate at the top of the Notice when it was most recently updated. If we update our Data Protection and Privacy Policy, in certain circumstances, we may seek your consent.

How to Contact Us

52. You can e-mail our Privacy Office at support@amberpay.com. You may also submit a request to exercise your rights to your Personal Information.