Vesta EU Privacy Policy

    Last Modified: October 9, 2023

     

    Vesta Payment Solutions, Ltd. (Vesta Europe), is located at Vesta Building, Finnabair Business Park, Dundalk, County Louth, Ireland A91 E934. This EU Privacy Policy (“EU Privacy Policy”) applies to Vesta Europe and also to Vesta Corporation located at 5400 Meadows Road, 5th Floor, Lake Oswego, OR 97035 USA. In this Privacy Policy Vesta Europe and Vesta Corporation are collectively referred to as “Vesta”. This EU Privacy Policy is in addition to the general Vesta privacy policy located at trustvesta.com. Whenever there is a difference between this EU Privacy Policy and the general Vesta Privacy Policy, this EU Privacy Policy applies instead.

    When you are using the Vesta services, Vesta is committed to the privacy and security of the information it collects. This EU Privacy Policy describes the following important topics for users of the Vesta services:

    • What information Vesta collects and how it is collected.
    • How Vesta uses information
    • Retaining and deleting personal data
    • To whom Vesta may disclose information.
    • How Vesta protects information.
    • How individuals may access personal information to correct or delete it.
    • Cross Border Transfers of your Information.

    In providing Vesta services and to protect against and reduce the risk of fraud, you are required to provide us with certain data such as your credit or debit card details. By consenting to, and agreeing the terms of, this Privacy Policy, you expressly consent and agree to us processing your data in the manner set out herein.

    We do not provide data to third party marketing companies. However, in limited circumstances we will share some of your information with third parties under strict restrictions, as described in more detail within this policy

    What information Vesta collects and how it is collected

    This policy covers Vesta’s treatment of personally identifiable information collected when you visit trustvesta.com. This policy does not cover any other Vesta owned sites or any sites operated by Vesta on behalf of our clients. Information collected by Vesta on sites operated on behalf of our clients is covered by their respective customer privacy policies.

    Information Collection and Use

    When you use the Vesta services, you provide us with basic information about you, which may include name, mailing address, postal code, email address, telephone number, credit card number, debit card number, card expiration date, CVV number, bank account number, merchant identification, personal identification number, cookies, time zone, language, browser information, JavaScript settings, type of mobile device, mobile carrier, demographic information and any other information that Vesta may collect in order to process payments. The specific types of information we collect may change from time to time based on the nature of the services we provide to you. When you communicate with us for payment related queries or other purposes (e.g., by emails, faxes, phone calls, etc.), we retain such information and our responses to you in the records of your account. We may also reach out to third party service providers for more information based on the information you have given.

    In order to protect all our customers against potential fraud, we verify the information you provide with merchant acquirers. During such verification, we receive personally identifiable information about you from such services. In particular, if you register a credit card or debit card or bank account with Vesta, we will use card authorisation services to verify that your bank or card information and address match the information you supplied to Vesta, and that the card has not been reported as lost or stolen.

    We may also collect information about you from other sources, including other companies (subject to their privacy policies and applicable law).

    How Vesta uses information

    We receive, hold and process your data on servers located in Ireland and at other Vesta facilities in the U.S. You agree that we may use your personal information to:

    • process transactions and provide the Vesta Services;
    • verify your identity, including during payment device registration and password/ PIN reset processes;
    • resolve disputes, collect fees, and troubleshoot problems;
    • provide you with customer support services;

    In addition, when you use the Vesta services or process payment transactions with Vesta, we use the provided information to verify and append information to prevent and combat fraud; to comply with government regulations and card association rules; and to perform various research and analytics. We continue to use information you provide internally for record keeping, internal reporting, and support purposes, and to compile and disclose information in the aggregate where individual or user information is not identifiable.

    Retaining and deleting personal data

    Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of your personal data. Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose. Notwithstanding this, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

    To whom Vesta may disclose information

    Vesta may disclose your information under the following circumstances:

    • To Vesta employees, contractors and agents to assist with any Vesta products and services provided to you or by us now or in the future.
    • To payment processors and banks in connection with processing your payments and in response to the requirements of the credit card associations or a civil or criminal legal process.
    • In order to help Vesta with fraud prevention, debt collection, emergency services, crime prevention, anti-money laundering and counter-terrorist financing verification requirements, we may disclose information about you to debt collection agencies, fraud prevention agencies, security agencies, financial institutions, emergency services, crime prevention agencies and telecommunications companies.
    • To other suppliers we engage to process data on our behalf in connection with providing Vesta services to you.
    • We may provide aggregate information and statistics to third parties, for example, content partners and advertisers. These statistics will not include information that can be used to identify any individual.
    • We may disclose personal information collected from you to persons or companies that we retain to carry out promotions and other activities for which you have registered or in which you have otherwise asked to participate.
    • We may be required to disclose personal information in response to a lawful request by public authorities, including to meet European or national security or law enforcement requirements.

    Other than as described above, Vesta does not disclose customer information to third parties. By accepting this Privacy Policy and continuing to use Vesta services, you expressly consent to the transfer of your data to those third parties for the purposes listed. In the event that Vesta’s practice regarding disclosure of customer information to third parties should change in the future, Vesta will provide a clear, conspicuous and readily available mechanism for customers to opt out of such information disclosures.

    How Vesta protects information

    Vesta provides physical, electronic, and procedural safeguards to protect information we process and maintain. We use safeguards such as firewalls and data encryption and we enforce physical access controls to our buildings and files. Any information you make available to Vesta while using the Vesta services is encrypted using Secure Socket Layer (SSL) technology. This helps protect information from being intercepted and misused by third parties when it is traveling over the Internet. When Vesta receives your information, it is stored on a secure server and is only accessed by authorized personnel. Please be aware that although Vesta takes steps to create a secure environment for personal information, Vesta cannot guarantee the security of any personal information transmitted online. Vesta will make reasonable attempts to notify you if there is a security breach involving your information which results in a risk of identity theft or as otherwise required by law.

    How individuals may access personal information to correct or delete it

    Vesta will retain information for as long as you use the Vesta services and for a reasonable time thereafter. Individuals whose personal data Vesta is processing have rights under GDPR to access, correct or delete their personal data. If you’d like us to correct or delete personal information that you have provided, please contact us at info.ireland@trustvesta.com. and we will respond in a reasonable time. Please note that we may be required or permitted to retain certain information by law. If you become aware of any inaccuracies in the personal or company information you have provided, you must notify us and correct them as soon as possible.

    Cross Border Transfers of your Information

    Vesta is committed to adequately protecting your information regardless of where the data resides and to providing appropriate protection for your information where such data is transferred outside of the EU.

    Please be aware that your information may be transferred to and processed in the U.S. By using the Vesta services, you consent to such transfer and processing. Vesta complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Vesta has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Vesta has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

    Children

    We do not market to or knowingly solicit data from children under the age of 18. A customer must be at least 18 years old in order to use the Vesta services. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at info.ireland@vesta.io. We will delete the information from our files within a reasonable time.

    Changes

    This EU Privacy Policy may be updated from time to time for any reason. We will post the new EU Privacy Policy here. You are advised to consult this EU Privacy Policy regularly for any changes.

    Contact Us

    In compliance with the EU General Data Protection Regulations (GDPR), Vesta commits to resolve complaints about your privacy and our collection or use of your personal information. If you have any questions or suggestions regarding the EU Privacy Policy, please email us at info.ireland@vesta.io.