N/A

Crossroads 2024 – THE B2B PAYMENTS CONFERENCE | October 2-4 →

medium circle with a dark blue gradient

Privacy Notice

Effective Date: September 10, 2024

Introduction

Multi Service Technology Solutions, Inc. (dba TreviPay) (“TreviPay”), and any of its subsidiaries and affiliates (collectively may be referred to as “Company”, “we” or “us”), are committed to safeguarding the privacy and personal information of our customers, business partners and employees. This Privacy Policy explains how we may collect, use, process, share, maintain, and store (collectively “Process”) personal information about you, including through designated third-party service providers, and the choices that are available to you regarding this information. Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it.

In addition to information kept in hardcopy, this Privacy Policy also applies to Company-related websites, online applications that run on smart phones, tablets, mobile device applications (“apps”), and other online services that we offer which may link to this Privacy Policy and/or otherwise be governed by this Privacy Policy. Such websites, online and/or mobile apps, and other online services to which this Privacy Policy applies (collectively the “sites” or “websites” and each a “site” or “website”) include, but are not limited to, the following: Kropp Holdings, Inc. (www.khinc.com); Multi Service Technology Solutions, Inc. (dba TreviPay (TreviPay) (www.trevipay.com); Open Road Drivers Plan (protectmycdl.com).

Please note also that our websites may contain links to other websites. If you follow a link to any of these other websites, you should read their own privacy policies. We are not responsible for the content or privacy practices of those sites, and this Privacy Policy does not apply to any information that may be collected from you or shared by you on those sites.

General Disclosures

Please note that most of our public-facing websites are hosted in the United States. If you are visiting the sites from a country outside of the US, please note that by providing your information it is being transferred to, stored and/or processed in the US and other countries, including but not limited to the UK, Costa Rica, Australia, Singapore and various European Economic Area (“EEA”) members states (such as Denmark, France, Germany, Greece, Hungary, Ireland, Norway, and Sweden) where key data centers, servers, and/or groups of employees are located and operate.  If you are from outside of the US, please see the provisions under our Specific Jurisdiction Information for additional information. If you are outside the US and do not wish to allow the transfer of your personal information to the US, you should not use these sites and you should opt-out of the collection of cookies. View our Cookie Policy to learn more.

We take your privacy and the protection of your personal information seriously. To that end, we always endeavor to store, process and disclose your personal information in accordance with applicable law; we will work to make it clearer when we collect personal information and will explain what we intend to do with it; and we do our best to protect your privacy through the appropriate use of information security measures.

What information do we collect about you?

Information you give us

We collect information about you when you open an account with us, purchase our products and services and/or remit payment for services. We also collect information about you using cookies, and if you interact with us via phone, social media, websites, or apps.  Where you are providing us personal information about another person, such as a family member or coworker, you agree that you will have obtained and will maintain all necessary consents and authorizations necessary to share that information with us.

The types of information that you may give us vary depending on the specific entity with which you are doing business and/or the particular services requested. For example, you may be utilizing our software offerings, and/or related services or solutions. The information you may give us could include categories such as, but not limited to, your name, work or personal address, e-mail address, phone number, date of birth, gender, financial and/or credit card information, passport number, driving license information, Social Security Number, national ID number, personal description and/or photograph, professional licensses and/or certifications, visa/immigration information, as well as customer data, payment data, employee data and/or website user data.

Sensitive information

We will only collect sensitive information about you with your consent and/or where necessary to comply with applicable laws.  What qualifies as sensitive information may differ based on applicable law, but it is generally understood to mean personal information relating to your racial or ethnic origin, political persuasion, membership in trade or professional associations, sexual preferences, criminal record, or health. For example, we may need to collect certain categories of sensitive information regarding your health records or ethnicity to process a visa application or to assist you in gaining access to certain governmental facilities. By providing us this information, you agree that you have given us your consent to collect, store, use, and transfer it for the purposes provided and as may be permitted under applicable law. You agree further that you will not send us and will not disclose to us any sensitive categories of information unless required by us to provide the services for which you have contracted with us. Where you are providing us sensitive information about another person, you agree that you have obtained and will maintain all necessary consents and authorizations necessary to share such information with us. 

Cookies and website usage

Our websites may use cookies to distinguish you from other users of our websites. This helps us to improve the functionality and content of the websites, including keeping our websites and records safe and secure, and to facilitate usage by you. We and our service providers may also use cookies and similar tracking tools for tailored advertising purposes.

Some of our websites might use various analytics systems to help identify problems with our websites and/or to improve website usability and the overall customer experience. This may include recording of mouse clicks, movements and scrolling activity.

We may also automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to us. You cannot be identified from this information and it is only used to assist us in providing effective services, including in connection with this website.

Depending on the TreviPay entity and website, we may use performance and/or targeting cookies such as Google Analytics or Amplitude. For more information regarding our use of cookies, please review the our Cookie Policy, as well as the information contained in the banners of our various websites, which provide the ability to on/off turn various cookies.

Where we have given you a password to access certain parts of our websites, or where you have chosen one for yourself, you are responsible for keeping that password confidential and for maintaining an adequate level of complexity for your any password you have chosen for yourself. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to/from our websites — any transmission is at your own risk.

Information we receive from other sources

We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.

Children’s Online Privacy Protection Act (COPPA) Compliance and Related Information

The Children’s Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. Please note that our websites are not intended for children under 13 years of age and we do not knowingly solicit data online from or market online to, children under 13 years of age. If you are under the age of 13, please do not supply any personal information through the sites. Instead, please have your parent or guardian contact us immediately (Please see the “How to Contact Us” information below), so that we can remove such information from our files.

How do we use the information about you?

We use your information as permitted by applicable law to provide you with information, process orders for products and services that you request from us, and administer or otherwise carry out our obligations in relation to any agreement you have with us.

This site uses Google Analytics system to help improve usability and the customer experience. Google Analytics may record the browser used, language, city and country, service provider, session duration, count of page hits, current number of active users, session duration, bounce rates, device type and operating system. For more information or to opt-out, please read their privacy policy.

This site also uses Amplitude as an analytics tool to help improve usability and the customer experience. Amplitude may record: Location (city, country, latitude, longitude, region, designated market area); Device Information (device family, ID, type, IP address, operating system, platform); Language; User role; User type; Program Name or ID; Uer name as it was entered into our portal; and user email. For more information or to opt-out, please read Amplitude’s privacy policy.  Additionally, if at any time you wish us to stop using your information for any of the above purposes, please contact us using the methods explained below (“How to Contact Us”).  We will stop the use of your information for such purpose as soon as is reasonably possible to do so.

The Company retains your information for the period necessary to serve a legitimate purpose or as required by law.  Examples of when and how we may need to use your data, including transferring it to affiliated entities and/or selected third party service providers, includes but is not limited to the following:

    • Responding to inquiries:  We may use your contact information, purchase history, account preferences, payment details, location, etc. to help answer your sales- and/or delivery-related questions, or to identify a product or service that is best suited to your needs or most convenient to your physical location.

    • Contract fulfillment:  We may use your contact information and billing details to execute our agreements with you and to maintain and/or assess our ongoing commercial relationship with you.  Depending on the products and services requested, we may need to utilize your personal contact information, date of birth, passport details, visa/immigration information, sensitive information, payment details, health information, location, etc. to fulfill our contractual duties and provide the requested services.

    • Product and service development and enhancement:  We may use information such as your website activity, purchase history, account preferences, travel history, etc. to better understand the usage of our products and services and to help identify areas for development and enhancement.

    • Marketing:  We may also use this information to provide you with information about goods or services we feel may interest you. You may opt-out of receiving marketing and promotional messages from us, if those messages are powered by us, by following the instructions found in those messages. If you decide to opt-out you will still receive non-promotional communications relevant to your use of our goods or services.

 If at any time you wish us to stop using your information for any the above purposes, please contact us using the methods explained below. We will stop the use of your information for such purposes as soon as it is reasonably possible to do so, subject to legal and contractual restrictions.

How do we share your information?

We do not sell your information

We do not sell the personal information of any customer or vendor to third parties, and we also do not allow the third parties with whom we share your personal information to sell it.  We do not sell the personal information of minors under sixteen (16) years of age.  While we may be permitted to sell anonymized and de-identified data, as defined by applicable laws, note that such data can no longer identify an individual.

How we may share/disclose your information with third parties

We may share your personal information with other members of our group of companies and with selected third parties for the performance of any contract we enter into with them or you, as well as to determine your satisfaction with the services and/or products that we may be providing you. These third parties will not use your personal information for any other purposes than what we have agreed to with them, and we request those third parties to implement adequate levels of protection in order to safeguard your personal information.

Since the Company operates globally, as noted above the data that we collect from you may be transferred to, and stored at, a destination outside of the country in which you reside (e.g. outside the US, UK, EEA, Australia, Canada, etc.). For example, it may be processed by staff operating outside your country or region who work for us, our subsidiaries, or for one of our suppliers in relation to the fulfillment of your order or administration of your agreement (e.g. in the U.S., Costa Rica, etc.). While the information is under our control, the Company seeks to ensure that your personal information receives the same level of protection as it would had it stayed within your home country, including seeking to ensure that it is kept secure and used only in accordance with our instructions and for legitimate purposes.

Corporate Transactions

In the event we go through a business transition, such as a merger, assignment, acquisition of another company, or sale of part or all of our assets(including due to a sale in connection with a bankruptcy), we may disclose your personal information to third parties and your personal data held may be among one of the assets transferred. We will require any such purchaser, assignee or other successor business entity to honor the terms of this Privacy Policy or those at least equal to it.

Aggregated, Anonymized or De-identified Information

We may also automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to us. You cannot be identified from this information and it is only used to assist us in providing effective services, including in connection with the websites.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This allows the specific information collected (name, email, address, phone number, etc.) to become anonymous, but allows us to keep the transaction or engagement data. For example, we will not be able to tell if John Smith registered for an event, but we will be able to tell that a person registered for an event and maintain headcount and transactional history. This will allow us to maintain a level of information that helps us develop and improve our sites products and services.

Disclosure of Information for Legal Purposes

We may disclose or share your personal information: to comply with a legal or regulatory obligation; to enforce or apply our terms of use and other agreements; to protect the rights, property, or safety of the Company, our customers, or others; or as otherwise permitted or required by law. This could include, for example, exchanging information with a law enforcement agency or regulator; or with companies and organizations for the purposes of fraud protection and credit risk reduction.

Where you have authorized us to do so, we may conduct credit investigations, including by contracting trade references, obtaining financial information, and supplying your personal information to credit reference agencies (CRAs) in order to obtain information, such as your financial history, which we may use to assess your creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity, as detailed in the Purchase Program Accountholder Agreement. We may also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your information with other organizations.

In the UK, we partner with third-party fraud prevention agencies including CIFAS. We will share your personal information with fraud prevention agencies who will use it, along with information received from other third parties, to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you may be refused certain services, finance, or employment. Further details of how personal information will be used by us and these fraud prevention agencies, and your data protection rights, are explained in more detail at http://www.cifas.org.uk/fpn.

Note that in certain jurisdictions we may also be permitted to use or disclose certain forms of government identifiers in compliance with local laws, such as under Australian law where we may be authorized to do so by or under an Australian law or a court/tribunal order, and/or when reasonably necessary to fulfil our obligations to a federal, state or territorial government agency.

How do we store and protect your personal information?

We will store your information only for the period required to serve a legitimate purpose or as required by law. In general, storage may be for the duration of our commercial relationship, for as long as you can bring a claim against us and for us to be able to defend ourselves, and/or for any period required by tax and other applicable laws and regulations. We will take a range of reasonable measures to protect your personal information and to store it in a secure environment, whether that is in paper and/or electronic form. We will also take reasonable steps to protect any personal information from misuse, loss and/or unauthorized access, modification, or disclosure.  Authorized employees, representatives and agents will have access to your personal information for the purposes described in this Privacy Notice.

Potential rights under country-specific data privacy laws

Multiple countries have instituted their own data privacy laws that mandate certain rights. The rights that you may exercise under certain key jurisdictions are found below.

If you are eligible and wish to exercise the rights granted under any other applicable data privacy law (e.g. a subject access request), you may contact us using the details found below. Please note that we may not always be able to fulfill your request as there may be legitimate purposes, such as certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.

Complaints

Please be aware that when we receive a formal written complaint regarding the processing of personal data, we try to resolve it directly with the person who has made the complaint. However as necessary, we will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of personal data that we cannot resolve with a complainant directly.

If you are dissatisfied with how we have dealt with your personal information, or you have an issue with our compliance with applicable privacy laws, you may contact us using the contact details below. We will acknowledge your complaint and aim to resolve it as quickly as possible and within applicable statutory deadlines.

You may ultimately choose to raise your concern with the applicable data privacy regulator. Information on which agencies to contact in certain key jurisdictions are highlighted below in the “Specific Jurisdiction Information”.

Updates to our Privacy Policy

As appropriate, we may make changes to this Privacy Policy that will be posted online and, where appropriate, be sent to you by e-mail. Please check back frequently to remain aware of any updates or changes to this Privacy Policy. We display an effective date on this Privacy Policy so that it will be easier for you to know when there has been a change. Your use of our sites and our services constitutes acceptance of the provisions of this Privacy Policy and your continued usage after such changes are posted constitutes acceptance of each revised Privacy Policy. If you do not agree to the terms of this Privacy Policy or any revised Privacy Policy, please exit the sites immediately. If you have any questions about this Privacy Policy, the practices of the sites or your dealings with the sites, you can contact us by using the information provided below.

How to contact us

We encourage you to first visit our Privacy Center, which contains additional information regarding our policies and procedures. If you have additional questions, or believe you are eligible to submit a subject access request, you can reach us by email at privacy@trevipay.com or contacting us by post at:

TreviPay
Attn: Legal Department, Privacy Officer
6450 Sprint Parkway, Suite 3B203
Overland Park, Kansas 66211
U.S.A.

If you are dissatisfied with how we have dealt with your personal information, you may contact us using the contact details above. We will acknowledge your complaint and aim to resolve it as quickly as possible and within applicable statutory deadlines. Please be aware that when we receive a formal written complaint regarding the processing of personal data, we try to resolve it directly with the person who has made the complaint. However, as necessary, we will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of personal data that we cannot resolve with a complainant directly.

Specific Jurisdiction Information

European Union / United Kingdom / Switzerland

In addition to the information shared in the privacy notice, residents of the European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”) may have certain rights under applicable data protection laws, including the EU General Data Protection Regulation, the UK General Data Protection Regulation (collectively the “GDPR”), local laws implementing or supplementing the GDPR, and the Swiss Federal Act on Data Protection. If you are a citizen or resident of a European Economic Area (“EEA”) country, the UK, or Switzerland, you may have certain rights regarding your personal information, including:

    • Right to access information maintained about you;

    • Right to ensure your data is accurate and complete;

    • Right to erasure, or the right to be forgotten;

    • Right to restriction or suppression of personal data;

    • Right to data portability;

    • Right to withdraw consent if consent was previously provided; and

    • Right to raise a complaint to the relevant supervisory authority.

If you make a request of us under the above rights, we expect to be able to respond to your request without charge as a general matter. However, we reserve the right to collect a reasonable charge when you request the transcription, reproduction or transmission of such information. We will notify you, following your request for transcription, reproduction or transmission of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request after notification of the charge.

We rely on the following legal grounds to process your personal information, namely:

    • Performance of a contract — We may need to collect and use your personal information, including sensitive information, to enter into a contract or to perform a contract that you, your company, or some other intermediary acting on your behalf has with us.

    • Legitimate interests — We may use your personal information for our legitimate interests to improve our products and services. Consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable laws, we may use technical information as described in this Privacy Policy and use personal information for our marketing purposes.

    • Consent — Where required by applicable laws, we will rely on your consent for collecting your personal information.  Except when otherwise permitted by law, we obtain the requisite consent prior to collecting and prior to using or disclosing your personal information. You may provide your consent to us orally, in writing, by electronic communication or any other means reasonably capable of conveying your consent.  If necessary, we will obtain your express consent if we collect, use or disclose sensitive personal information in our capacity as a data controller. We may also share your data with third-party partners for whom you have given us consent.  Your consent may be intrinsic to the circumstances such as in the case where you have already provided personal information to us and you maintain your relationship with us or where you provide our representatives with your contact details so that we can contact you. Except when otherwise permitted by law we will only use the data for the purpose for which it was given. From time to time, we may collect, utilize or disclose your personal information based on your consent and as otherwise permitted by law. When your consent is required, you may withdraw your consent at any time (unless withdrawing the consent would frustrate the performance of legal obligations) upon providing to us a 30-day notice. However, the withdrawal of your consent may adversely affect our ability to provide our products and services to you and to maintain our relationship.

We will only process personal information for a specific purpose or for any other purposes specifically permitted by applicable data protection legislation.

If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For EEA countries Data Protection Authority (“DPA”) contact details can be found here. For the United Kingdom contact details for the UK Information Commissioner’s Office can be found here. For contact details for the Switzerland Federal Data Protection and Information Commissioner can be found HERE.

If you are in the UK, you may contact DataRep, our Data Protection Representative in the UK, to raise a question to us, or otherwise exercise your rights in respect of your personal data, by:

    • mailing your inquiry to: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Please refer to DataRep’s privacy notice at www.datarep.uk/privacy-policy to understand how it will handle the personal data required to undertake its services. If you have any concerns, please contact us.

Australia

Under the Australian Privacy Act 1988 (Cth), if you are an Australian resident, you may have certain additional rights regarding your personal information, including, for example, the right to access and correct the information that we hold about you, and a general requirement to ensure the quality and accuracy of the personal information collected. You may request access to any of the personal information we hold about you at any time, but we may charge a fee for our costs of retrieving and supplying the information to you. If any of the personal information we hold about you is incorrect, inaccurate, or out of date, you may request that we correct it. We will generally rely on you to ensure the information that we hold about you is accurate and/or complete.

Access and correction requirements in the Australia Privacy Act 1988 (Cth) operate alongside and do not replace other informal or legal procedures by which an Australian resident can be provided access to or correction of his or her personal information, such as Australia’s Freedom of Information Act 1982.

If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For Australia, the Office of the Information Commissioner may be contacted either via www.oaic.gov.au, by phone at 1300 363 992, or at GPO Box 5218 Sydney NSW 2001.

AUSTRALIA COMPLAINTS POLICY: This policy provides information about our internal dispute resolution (IDR) process.  Our IDR service is provided to you free of charge.

Multi Service Pty Limited ACN 080 216 173 and its affiliates and subsidiaries (we/us/our) believes that it is essential for us to have the ability, authority and proper training to hear and respond appropriately to any complaints or disputes raised by our customers.   

How you may lodge a complaint:  You can lodge complaints by contacting our Complaints Officer, by:

    • telephoning 1-913-451-2400

You may also lodge a complaint by speaking to any representative of our business who will refer you to the Complaints Officer. You should explain the details of your complaint as clearly as you can.  You may do this verbally or in writing.  In order to assist complainants who might need additional assistance to lodge a complaint, we:

    • offer multiple methods for lodging complaints, including phone, email, letter, social media, in person, or online;

    • do not require complaints to be in writing;

    • ensure that information provided to the public about our IDR process, including this policy, is available in a range of languages and formats (including large print and audiotape);

    • provide training to all staff (not just complaints management staff) to enable staff to be able to identify, support and assist complainants who need additional assistance, including cross-cultural training; and

    • allow representatives to lodge complaints on behalf of complainants, including financial counsellors, legal representatives, family members and friends.

Dealing with complaints:  Our process for dealing with complaints is as follows:

    1. Acknowledgement:  We will acknowledge receipt of your complaint promptly – that is, within one (1) business days of receiving it, or as soon as is practicable.

    1. Assessment and investigation:  We will review your complaint carefully and promptly, taking such steps and reviewing such documents as reasonably necessary. 

    1. IDR response:  We will provide an ‘IDR response’, which is a written communication that sets out the final outcome of your complaint through our IDR process and your right to take your complaint to AFCA if you are not satisfied with the IDR response.  If we reject or partially reject your complaint, we will clearly set out the reasons for our decision.

Response timeframes:  Generally, we will provide an IDR response to you no later than thirty (30) calendar days after receiving the complaint.  We do not need to provide an IDR response to you if we close your complaint by the end of the fifth business day after receipt because we have:

    1. resolved the complaint to your satisfaction; or

    1. given you an explanation and/or apology we can take no further action to reasonably address your complaint.

However, we must provide a written IDR response for complaints closed by the end of the fifth (5th) business day after receipt if:

    1. the complainant requests a written response; or

    1. the complaint is about hardship.

Our external dispute resolution scheme – AFCA:  If we do not reach agreement on your complaint, you may refer your complaint to the Australian Financial Complaints Authority (AFCA).  You can contact the AFCA scheme:

    • by phone on 1800 931 678;

    • in writing to GPO Box 3, Melbourne VIC 3001.

The AFCA scheme is a free service established to provide you with an independent mechanism to resolve specific complaints.

Canada

Under the Personal Information Protection and Electronic Documents Act (Canada) or similar provincial laws in Canada, if you are a Canadian resident, you may have certain additional rights regarding your personal information, including, for example, the right to access and correct the information that we hold about you, and a general requirement to ensure the quality and accuracy of the personal information collected. You may request access to any of the personal information we hold about you at any time, but we may charge a fee for our costs of retrieving and supplying the information to you. If any of the personal information we hold about you is incorrect, inaccurate, or out of date, you may request that we correct it. We will generally rely on you to ensure the information that we hold about you is accurate and/or complete.  TreviPay is the controller of personal information collected in connection with its offering of credit products in Canada. 

If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For Canada, the contact details for the Privacy Commissioner of Canada can be found at www.priv.gc.ca.

New Zealand

Under the New Zealand Privacy Act 2020, if you are a New Zealand resident, you may have certain additional rights regarding your personal information, including, for example, the right to access and correct the information that we hold about you. You may request access to any of the personal information we hold about you at any time, but we may in certain circumstances charge a reasonable fee for our costs of retrieving and supplying the information to you. If any of the personal information we hold about you is incorrect, inaccurate, or out of date, you may request that we correct it. We will generally rely on you to ensure the information that we hold about you is accurate and/or complete.

You may also contact the Financial Services Complaints Limited (FSCL) – A Financial Ombudsman Service (“FSCL”) scheme.  FSCL is our independent external ombudsman and dispute resolution service that has been approved by the Minister of Consumer Affairs under the Financial Service Providers (Registration and Dispute Resolution) Act 2008. FSCL’s service is free of charge to you. The FSCL scheme should only be utilized after you have attempted to resolve the issue with TreviPay.  The FSCL scheme is a free service to consumers established to provide You with an independent mechanism to resolve specific complaints. The FSCL scheme can be contacted by telephone at 0800 347 257; or by email to: complaints@fscl.org.nz; or by completing the website’s on-line complaint form; or in writing sent to: FSCL, PO Box 5967, Wellington 6140

If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. For New Zealand, the Privacy Commissioner may be contacted by the methods specified here: https://www.privacy.org.nz/about-us/contact/.  

Singapore

In Singapore, usage by us of your personal information is subject to regulation under the Personal Data Protection Act 2012 (“PDPA”) of Singapore. Under the PDPA, you have certain rights regarding your personal data, which term refers to data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. In general, an organisation such as ourselves must not collect, use or disclose your personal data unless the purpose for such collection, use or disclosure is notified to you and you give consent for such collection, use or disclosure.  

In addition, you have certain additional rights, including but not limited to, the following:

    1. the right at any time to withdraw consent for our collection, use or disclosure of personal data. Please note however that if you do withdraw consent, this may impact our ability to continue to provide certain products or services to you.

    1. the right to access your personal data that is in our possession or under our control. This would include the right to know how we may have used or disclosed your personal data over the last year before you make a request for access. However, where you make such a request, we are entitled to charge a fee to cover the incremental costs associated with processing your request.

    1. the right to ensure the accuracy of your personal data that is in our possession or under our control and accordingly to require us to correct any error or omission in such personal data that is in our possession or under our control.

Furthermore, under the PDPA, we are generally required:

(a) to implement reasonable security arrangements to protect personal data in our possession or under our control from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks;

(b) to cease retention of personal data or dispose of it in a proper manner when it is no longer needed for any business or legal purpose;

(c) whenever we transfer any personal data from Singapore to another country, to ensure that the transferred personal data will be accorded a level of protection in that other country that would be comparable to the protection under the PDPA;

We are also subject to certain requirements under the PDPA concerning responding to and managing the consequences of any unauthorised data breaches. If you wish to have more information as to how we handle or what measures we take to protect your personal data, you may contact our Data Protection Officer at Legal@TreviPay.com.  

If you are dissatisfied with how we have or how we will handle your personal data, please do also contact our Data Protection Officer at  Legal@TreviPay.com, so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For Singapore, the Personal Data Protection Commission may be contacted via the details provided here: https://www.pdpc.gov.sg/Contact-Us.

California

Under the California Consumer Privacy Act of 2018 (CCPA), if you are a California resident, you may have additional rights regarding your personal information that are described in this section. We do not sell personal information to third parties. The types of personal information that we may collect from you will vary depending on the TreviPay entity and/or the services you may engage us to provide. Under the CCPA, the different categories of personal information we might collect including, but not be limited to: identifiers (e.g. contact information, government IDs, cookies); information protected against security breaches (e.g. name and financial account, social security number, user name and password, or medical information); protected classification information (e.g. race, gender); commercial information; internet/electronic activity; geolocation; audio/video data; professional or employment related information; education information; biometrics; and inferences from the foregoing categories.

California residents who have provided their personal information to us have certain rights and may make various requests to exercise those rights under the CCPA. Qualifying individuals have the right, for example, to request:  (i) information regarding the collection or disclosures and/or sale, if any, of their personal information to third parties; (ii) no more than twice every 12 month period, copies of personal information collected about them over the last 12 months; (iii) that we not sell their personal information to third parties, which we already do not do; and (iv) that such personal information be deleted under certain circumstances. Qualifying individuals also have the right not to be discriminated against because they exercised any of the rights provided for under the CCPA.

As a California resident, you have the right to designate an authorized agent to make a request under the CCPA on your behalf. By submitting sufficient and verifiable documentation (e.g. an agency form) along with your request, you can designate an authorized agent to make requests under the CCPA related to your personal information. To help better protect your personal data we can deny any request by an agent who does not submit sufficient proof that he or she has been authorized by you to act on your behalf.

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, so we do not take any action in response to this signal. The Company does not have a mechanism in place to respond to DNT signals. Instead, in addition to publicly available third-party tools, we offer you the choices described in this Privacy Policy to manage the collection and use of information about you.

We do track some activity across websites (e.g. your search terms, the website you visited before you visited or used the services and other clickstream data) and we may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.

We may need to collect additional information to verify the identity and legitimacy of the requesting party, and we will respond within 45 clays of receiving such requests as required under the law. Such requests may be submitted to us using the contact details and methods described above.

If you are dissatisfied with how we have dealt with your personal information, please contact us at the details above so that we can try to find a solution. You may ultimately choose to raise your concern with the applicable data privacy regulator. For California, the Attorney General’s office may be contacted via the details provided here.