Privacy Policy
This Privacy Policy (“Policy”) governs the manner in which Karma Holdings LLC DBA Process Payments Now, operating under the name Process Payments Now (“the Company”), collects, uses, maintains, and discloses information collected from users of our services. The protection and proper management of personal information are paramount to our operations, particularly given our role in financial transactions. By engaging with our services and submitting personal information, you consent to the practices outlined herein. It is imperative that users review this Policy thoroughly to comprehend the Company’s approach to data privacy and the measures in place to safeguard personal information.
Information Collection
Types of Data Collected: Karma Holdings LLC DBA Process Payments Now (“the Company”) may collect various types of personal and non-personal information. Personal information may include, but is not limited to, names, email addresses, postal addresses, and other identifiable data necessary for the provision of our services. Non-personal data may consist of browser details, device type, operating system, and other technical metrics.
Methods of Data Collection: The Company employs several methods for data collection. This can range from direct submissions via forms on our platform, automated tracking technologies such as cookies, server logs, and other tools typically used in the digital domain for data acquisition.
Purpose of Collection: Information is primarily collected to facilitate our service delivery, enhance user experience, manage customer relations, and optimize our platform’s performance. The specifics of data usage will be further detailed in the “Information Usage” section of this Policy.
User Consent: By using the services of the Company, users signify their acceptance of this data collection practice. If you do not agree to this Policy, it is advised that you refrain from further utilization of our services. Continued use after the posting of changes to this Policy will be deemed as acceptance of those changes.
Voluntary Provision: While certain data is essential for service provision, other data collection is voluntary. Users have the discretion to refuse the supply of personal data, with the understanding that it may prevent them from engaging in specific site-related activities or obtaining the full spectrum of our services.
Information Usage
Service Provision and Management: The primary use of collected information is to provide and manage services offered by Karma Holdings LLC DBA Process Payments Now (“the Company”). This includes processing transactions, communicating with users regarding their accounts or transactions, and delivering customer support.
Enhancement of User Experience: Personal and non-personal data may be used to understand user preferences, tailor services accordingly, and improve overall user interactions with the platform.
Operational Improvement: We may utilize the information to understand platform usage patterns, analyze trends, and make strategic decisions to optimize our operations and expand our service offerings.
Security Measures: Information collected aids in maintaining the safety and security of our platform. This includes detecting and preventing fraud, unauthorized access, and ensuring a stable operational environment.
Communications: With user consent, the Company might use personal data to send newsletters, marketing materials, promotional offers, or other communications. Users will have the option to opt-out of such communications as detailed in the “Opt-Out & Unsubscribe” section of this Policy.
Regulatory and Legal Compliance: In certain instances, we might be required to use or retain personal data to comply with legal obligations, enforce our terms of service, or fulfill regulatory requirements.
Aggregated Data: Non-personal data, which cannot be used to identify an individual, may be aggregated for statistical analysis. Such aggregated data helps the Company understand market trends and improve services.
Third-Party Integrations: If our platform uses third-party integrations, data may be shared with these parties to facilitate specific functionalities. This will be done in strict accordance with our “Information Sharing & Disclosure” section.
Information Sharing & Disclosure
- Service Providers: Certain operations of our services may be outsourced to third-party vendors or service providers. This may necessitate sharing personal data to facilitate these specific functionalities. All third-party service providers are bound by contractual agreements to maintain the confidentiality and integrity of user information and are prohibited from using the data for any other purpose.
- Business Transfers: In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of the Company’s assets, user’s personal information might be among the assets transferred. Users will be notified via email and/or a prominent notice on our platform of any such change in ownership or uses of personal information.
- Legal Obligations: The Company may disclose personal data when we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights, property, or safety of our users, the Company, or the public, or to detect, prevent, or address fraud, security issues, or technical concerns.
- Consent: There may be situations where users provide explicit consent for the sharing or disclosure of personal information for specific purposes not outlined in this Policy.
- Aggregated Data: As mentioned in the “Information Usage” section, we may share aggregated, non-personally identifiable data with partners, affiliates, or other entities for business or research purposes.
- Protecting Rights and Property: We may share personal data to enforce our terms of service, protect our operations or users, or as part of our efforts to keep our platform safe and secure.
Data Retention
Duration of Retention:
Transactional Data: All records associated with financial transactions, including but not limited to payment histories, invoicing, and billing information, will be retained for a period of seven (7) years, in line with standard accounting and tax regulations.
Account Information: Personal data related to merchant account setup, management, and contact information will be retained for the duration of the active business relationship, plus an additional three (3) years post-termination or account deactivation to address any residual issues or inquiries.
Communication Records: Correspondences between the merchant and the Company, including support requests, feedback, and other communications, will be retained for a period of five (5) years to ensure a comprehensive understanding of the merchant’s history with the Company.
Criteria for Determination:
Regulatory Obligations: Given the regulatory environment merchant services operate within, data will be retained to ensure compliance with applicable laws, especially those related to financial transactions, anti-money laundering, and fraud prevention.
Dispute Resolution & Chargebacks: Given the potential for chargebacks and disputes in merchant services, pertinent data will be retained to facilitate resolutions and defend against any claims or disputes.
Operational Integrity: Data essential for maintaining the integrity of transactional histories, ensuring accurate reporting, and providing consistent service will be retained based on operational requirements.
Regular Review: The Company undertakes biennial reviews to ensure data that exceeds its retention period and is no longer necessary for operational, legal, or regulatory reasons is securely disposed of.
User Requests: Merchants may inquire about their data retention specifics and, where applicable and without conflicting with the Company’s legal obligations, request modifications or deletions.
User Rights
Right to Access: Users have the right to request a copy of the personal data that Karma Holdings LLC DBA Process Payments Now (“the Company”) holds about them. This is often referred to as a “data subject access request.”
Right to Rectification: Users have the right to request that the Company correct any personal data found to be inaccurate or incomplete.
Right to Erasure (Right to be Forgotten): Users can request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is not an absolute right and might be subject to regulatory requirements or potential legal claims.
Right to Data Portability: Users have the right to obtain and reuse their personal data across different services. This allows users to move, copy, or transfer personal data easily from one environment to another in a secure manner.
Right to Restriction: Users can request the restriction or suppression of their personal data. This is not an absolute right, and only applies in certain circumstances.
Right to Object: Users have the right to object to the processing of their personal data in certain situations, such as for direct marketing purposes.
Rights in Relation to Automated Decision Making and Profiling: Users have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects concerning them or similarly significantly affects them.
Rights Under the FCRA: For users residing in the United States, the Fair Credit Reporting Act (FCRA) regulates the collection and use of certain information related to credit decisions. If the Company utilizes such information, users have specific rights under the FCRA, including:
- The right to be informed if information from a credit report has been used against them.
- The right to know what is in their credit file.
- The right to request corrections to inaccurate information.
- The right to obtain a reduced price or free credit report in specific scenarios, such as if a user is unemployed or believes they have been a victim of identity theft.
Exercise of Rights: To exercise any of the aforementioned rights, users can contact the Company using the contact details provided in this Policy. The Company will respond to valid requests within thirty (30) days, or as required by applicable law.
Fees: Typically, users will not have to pay a fee to access their personal data or to exercise any of their rights. However, the Company may charge a reasonable fee if a request is clearly unfounded, repetitive, or excessive.
Cookies & Tracking Technologies
Definitions & Applications:
- Cookies: These are tiny data packets stored on your device. Their utility spans from enabling basic site functionalities, such as session continuity and login processes, to delivering targeted advertisements.
- Web Beacons: Transparent pixel images that monitor user behavior, they help us understand user preferences, successful site features, and areas that require optimization.
Purpose:
- Functional Cookies: Essential for our platform’s operations, they manage session details and user preferences, ensuring a seamless user experience.
- Performance Cookies: These are our tools for site optimization. By tracking site activities, we identify popular features and areas that need enhancement.
- Advertising Cookies: Partnering with third-party advertisers, these cookies deliver ads that resonate with individual user preferences and browsing habits.
- Social Media Cookies: Allowing for integrative functionalities with platforms like Facebook or Twitter, these cookies facilitate the sharing of our content on social media.
Regulatory Adherence:
- United States:
- California Consumer Privacy Act (CCPA): For California residents, the CCPA ensures a right to opt out of the sale of personal information. This provision encompasses data acquired via cookies. Our platform provides explicit mechanisms for California users to exercise this right.
- United Kingdom:
- Privacy and Electronic Communications Regulations (PECR): In line with PECR, we clearly inform our UK visitors about our use of cookies and their purposes. Before deploying any cookie, we secure user consent, except where the cookie is essential for service provision, as outlined in PECR’s stipulations.
- United States:
User Empowerment:
- Choice & Control: Every user has the autonomy to manage cookie preferences. While most web browsers are set to auto-accept cookies, users can modify this via browser settings. Opting out might affect platform functionalities.
- Transparency: We maintain an updated list of cookies and associated partners, available upon request, to ensure users know who handles their data.
Review & Updates: Regulatory landscapes evolve, as do technological tools. We commit to bi-annual reviews of this section to incorporate new advancements and regulatory updates, ensuring our users are always informed and protected.
Data Security
Detailed Protective Measures:
- Encryption Protocols: All data traffic, both inbound and outbound from our platform, is subjected to robust encryption standards using Secure Socket Layer (SSL) technology. This fortifies the confidentiality and integrity of data exchanges.
- Infrastructure Security: Our data centers and server facilities employ state-of-the-art physical and digital security measures. These encompass biometric verification systems, round-the-clock surveillance, firewalls, and intrusion detection systems.
- Systematic Audits: Our security specialists conduct routine inspections, penetration tests, and vulnerability assessments. Such exercises enable us to preemptively identify potential loopholes and address them proactively.
- Employee Protocols: All Company personnel, regardless of their roles, undergo mandatory data protection training. This ensures they are adept at implementing the best security practices during data handling and processing.
Comprehensive Breach Protocols:
- Rapid Response Mechanism: In the rare scenario where a data breach occurs, our designated security response team is primed for immediate mobilization to mitigate and manage the situation.
- User Notification System: In alignment with US regulatory requirements, affected users will receive prompt notifications detailing the nature of the breach, potential data compromised, and subsequent actions the Company is undertaking.
- Law Enforcement Collaboration: We maintain a collaborative stance with appropriate law enforcement agencies, ensuring a holistic approach to breach investigation and redressal.
- Post-Incident Analysis: Every incident provides a learning curve. Our team dedicates resources to dissect the event, understand its origin, and refine our defenses accordingly.
Strict Regulatory Adherence:
- Federal Trade Commission (FTC) Act: As guided by Section 5 of the FTC Act, we abstain from any deceptive or unfair practices. This commitment encompasses a pledge to uphold top-tier security standards for consumer data protection.
- Gramm-Leach-Bliley Act (GLBA): Given our role in the financial ecosystem, we comply meticulously with the GLBA. This involves delivering clear privacy notices to users, offering opt-out provisions, and ensuring the confidentiality of personal financial information.
- State-Specific Mandates: The legal landscape in the US is varied, with states like California, via the California Consumer Privacy Act (CCPA), setting rigorous data protection benchmarks. Our protocols are crafted to respect and meet these state-specific guidelines.
Updates & Changes To The Privacy Policy
Review and Amendment Procedures:
- Industry-specific Changes: Recognizing the dynamic nature of the merchant services landscape, we periodically monitor and integrate updates from payment card industries, banking regulations, and other merchant-specific mandates.
- Technology Adaptations: With the introduction of new payment technologies, terminals, or transaction methods, our Privacy Policy may be adjusted to reflect the relevant data handling protocols.
- Regulatory Compliance Team: Our dedicated team, specializing in merchant services regulations, assesses the Privacy Policy quarterly to ensure alignment with global payment card standards, financial data protection norms, and relevant US laws.
User Notification Mechanisms:
- Merchant Dashboard Alert: Upon login, merchants will be greeted with a clear, concise banner highlighting the primary changes to the Privacy Policy.
- Transactional Email Notification: Given the criticality of the merchant operations, a detailed email, enumerating the policy changes, will be dispatched to the primary email address associated with each merchant account.
- Detailed Change Log: Every update will be accompanied by a comprehensive change log. This document, accessible via our merchant portal, will categorize and detail every alteration, ensuring merchants are informed of specific amendments relevant to their operations.
- Immediate Applicability: Due to the sensitive nature of merchant transactions and in the interest of immediate compliance, changes to our Privacy Policy become effective immediately upon publication.
Ongoing Merchant Engagement:
- Dedicated Helpdesk: For a period of 60 days post any update, a specialized helpdesk will operate, guiding merchants through the changes and addressing any policy-related queries.
- Merchant Webinars: Biannually, we’ll host webinars to walk our clients through the policy updates, emphasizing the implications for day-to-day merchant operations and ensuring clarity in data-handling expectations
Contact Information
Should you have any queries, concerns, or wish to exercise your rights pertaining to your personal data, we encourage you to reach out to us directly. Our dedicated team is always on hand to assist and address any issues you may have. Here are the specific details to get in touch with us:
Company Name:
Karma Holdings LLC DBA Process Payments Now
Physical Address:
11357 Nuckols Rd
Unit 2125
Glen Allen, VA 23059
Email Address:
support@processpaymentsnow.com
Phone Number:
877-289-0170
Your concerns and feedback are invaluable to us. Whether it’s a simple inquiry, a data request, or feedback on our services, we’re committed to providing prompt and comprehensive responses to ensure your utmost satisfaction and clarity.
Opt-Out & Unsubscribe
Opting Out of Data Practices:
- Merchant Dashboard: Within your dedicated merchant dashboard, navigate to the ‘Privacy & Communication Preferences’ tab. Here, you can specifically choose which data sharing practices you’d like to opt-out of, from transactional analytics to third-party integrations.
- Customer Data: For merchants concerned about the sharing or usage of their customers’ transactional data, there are dedicated controls to manage and restrict data practices.
- Direct Request: Merchants can send a detailed opt-out request to our Data Compliance Officer at support@processpaymentsnow.com. Please specify the practices you’d like to opt-out of, and our team will ensure the request is processed within 7 business days.
Unsubscribing from Communications:
- Email Notifications: All our merchant-oriented emails, including transactional alerts, system updates, and promotional communications, contain a straightforward ‘Unsubscribe’ link. Opting out will immediately categorize your email preferences accordingly.
- SMS Communications: For those merchants who have opted for SMS alerts or promotions, our messages are crafted in strict adherence to the Telephone Consumer Protection Act (TCPA). Typically, sending ‘STOP’ to any promotional SMS will ensure the cessation of such communications.
Regulatory Adherence & Specifics:
- Telephone Consumer Protection Act (TCPA): Ensuring compliance with TCPA, our company acquires explicit consent from merchants before initiating SMS communications. Additionally, our opt-out procedure via the ‘STOP’ command is instantaneous, ceasing further SMS outreach.
- Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act: Beyond just the inclusion of an ‘Unsubscribe’ link, our emails provide clarity on the sender, ensuring merchants can quickly discern messages stemming from Karma Holdings LLC DBA Process Payments Now. Following the CAN-SPAM Act guidelines, we address opt-out requests without delay, ensuring no further promotional communications post-unsubscription.
- Merchant Specificities: We understand that the merchant services landscape is nuanced. For instance, if there are specific card brands, payment gateways, or third-party tools that you’d prefer not to share data with, these preferences can be fine-tuned within the merchant dashboard or communicated directly to our team.
Dispute Resolution
Initial Contact and Grievance Logging:
- Merchants are encouraged to contact our dedicated Customer Support Team with details of their concerns or grievances. Reach out via the provided contact details, ensuring you detail the nature of the dispute, any transaction IDs or related documentation, and your desired resolution.
- Our team will acknowledge receipt of your grievance within 48 hours, providing you with a unique dispute tracking number.
Internal Review & Mediation:
- Post acknowledgment, a specialized Dispute Resolution Officer will be assigned to your case. They will review the presented details and may contact you for further information.
- If the dispute involves third-party entities, such as payment gateways or card issuers, our officer will facilitate communication, aiming for a satisfactory and expedient resolution.
Binding Arbitration:
- If a mutual resolution seems elusive, either party can propose binding arbitration. In line with the Federal Arbitration Act and other relevant US laws, an independent arbitrator will be chosen to review the case. The decision reached post arbitration will be considered final and binding on both parties.
Regulatory Adherence & Reporting:
- Fair Credit Billing Act (FCBA): For disputes related to unauthorized or incorrect charges on credit cards, our processes are aligned with the FCBA. Merchants are encouraged to report discrepancies within 60 days from the statement date where the error appeared.
- Electronic Fund Transfer Act (EFTA): Discrepancies concerning electronic transfers must be reported within 60 days of the statement reflecting the error, in line with the EFTA.
Merchant Specificities:
- Chargeback Handling: Recognizing the challenges posed by chargebacks in the merchant services domain, we provide dedicated support. Our team will guide you through the evidence submission process, liaise with card issuers, and advocate for fair outcomes.
- Payment Gateway Disputes: Our strong partnerships with leading payment gateways ensure that any disputes involving these entities are addressed with priority. We facilitate transparent communication between all involved parties.
Continual Communication:
- Throughout the dispute resolution process, you’ll receive periodic updates on the status and any required actions on your part. Our aim is to ensure the process remains as transparent and seamless as possible.
External Resources & Advocacy:
- If merchants believe that the resolution provided does not align with their rights or the stipulations of relevant US consumer laws, they can reach out to state or federal regulatory bodies for further advocacy. We are committed to cooperating fully with any external reviews or investigations.