GDPR Privacy Policy

Introduction

This Privacy Policy (“Policy”) explains how GreenBox POS and its mobile applications (collectively referred to as “the ‘Applications,’” “we,” “us,” or “our”) collects, stores, uses, and shares personal data when you visit our website or use our services.

Purpose of This Privacy Policy

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Third-Party Links

This website may include links to third‐party websites, plug‐ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‐party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity Data includes name, billing or mailing address, unique personal identifier, online identifier, IP address, email address, Social Security number, driver's license number, passport number, government ID number, bank account number, date of birth, photograph, phone number, or other similar identifiers.

  • Contact Data includes name, billing or mailing address, email address and telephone numbers.

  • Financial Data includes payment information such as credit card details and bank account numbers.

  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone
    setting and location, browser plug‐in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Profile Data includes your username and password, purchases or orders made by you, your interests,
    preferences, feedback and survey responses.

  • Usage Data includes information about how you use our website, products, and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from our third parties and us and your communication preferences.

If You Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

How is Your Personal Data Collected?

We use different methods to collect personal information from and about you including through:

  • Direct interactions: You may give us your name, billing address, shipping address, payment information, including credit card numbers, email addresses, and phone numbers.

  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.

  • Third‐party business partners. For example, online interactions you may have with our service providers, online identity and fraud verification services, social media sites, and analytics providers.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before sending third‐party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for Which We Will Use Your Personal Data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity
Type of Data
Lawful Basis for Processing

To register you as a new customer

a) Identity
b) Contact
c) Financial

Performance of a contract with you

To provide our services including:

a) Manage payments, fees, and charges

b) Customer support

a) Identity
b) Contact
c) Financial
d) Transaction
e) Marketing and
Communications

a) Performance of a contract with you

b) Necessary for our legitimate
interests (to recover debts due to us)

To manage our relationship with you which will include:

a) Notifying you about changes to our terms or privacy policy

b) Asking you to leave a review or take a survey

a) Identity
b) Contact
c) Profile
d) Marketing and
Communications

a) Performance of a contract with you

b) Necessary to comply with a legal obligation

c) Necessary for our legitimate
interests (to keep our records updated and to study how customers use our products/services)

To allow you to complete a survey

a) Identity
b) Contact
c) Profile
d) Usage
e) Marketing and
Communications

a) Performance of a contract with you

b) Necessary for our legitimate
interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

a) Identity
b) Contact
c) Technical

a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)

b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

a) Identity
b) Contact
c) Profile
d) Usage
e) Marketing and
Communications
f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

a) Technical
b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

a) Identity
b) Contact
c) Technical
d) Usage
e) Profile
f) Marketing and
Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

Promotional Offers From Us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased products from us and you have not opted out of receiving that marketing.

Third‐Party Marketing

We will get your express opt‐in consent before we share your personal data with any third party for marketing purposes.

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time.

Where you opt‐out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, warranty registration, other transactions.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information, please see our Cookie Policy.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of Your Personal Data

We may share your personal data across our services and with third parties to help us provide services, protect our customers from risk and fraud, market our products, and comply with legal obligations. We may share personal data with:

  • Service Providers.

  • Third parties to whom you or your agents authorize us to disclose your personal information in connection
    with our Services.

  • Social networks.

  • Merchants.

  • Partners.

  • Government agencies to support regulatory and legal requirements.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third‐party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Whenever we transfer your personal data out of the European Economic Area (“EEA”), we ensure a similar degree of protection is afforded to it by using standard contractual clauses approved by the European Commission, which give personal data the same protection it has in Europe.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Legal Rights

As the subject of the personal data, you have rights related to the personal data that we hold about you. At any time, you have the right to:

Access

Provide the personal data you have about me.

Rectify

Correct the personal data you have about me.

Delete

Delete the personal data you have about me.

Object

Object how my personal data is used.

Restrict Processing

Request that we restrict the processing of your personal data.

Portability

Transfer of your personal data to you or to a third party.

If you wish to exercise any of the rights set out above, please contact us at support@greenboxpos.com.

Your California Privacy Rights.

If you are a California resident, please visit our Privacy Policy for California Residents for additional information about our processing of personal information and your California privacy rights.

No Fee Usually Required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Time Limit to Respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to Our Privacy Policy

We keep our privacy policy under regular review. This version was last updated on April 23, 2021. We reserve the right to amend this privacy Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated Policy on the Website and update the Policy’s effective date. Your continued use of our Websites following the posting of changes constitutes your acceptance of such changes.

Contact Details

If you have any questions or comments about this Policy, the ways in which we collect and use your information described above, your choices and rights regarding such use, or wish to exercise your rights under the GDPR, please do not hesitate to contact us at:

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Please contact our team if you need to access this Policy in an alternative format due to having a disability.

Privacy Policy for California Residents

Effective Date: August 31st, 2021

Last reviewed: August 31st, 2021

GreenBox POS and its mobile applications (collectively referred to as “the ‘Applications,’” “we,” “us,” or “our”) is committed to protecting your personal information and your right to privacy. This Privacy Policy for California Residents (“Policy”) applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this Policy.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”).

Personal information does not include:

  • Publicly available information from government records.

  • Deidentified or aggregated consumer information.

  • Information excluded from the CCPA’s scope, like:

  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

  • personal information covered by certain sector‐specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm‐Leach‐Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In particular, our Website has collected the following categories of personal information from consumers in the last twelve 12 months:

Category
Examples

A. Identifiers.

Name, billing or mailing address, unique personal identifier, online identifier, IP address, email address, Social Security number, driver's license number, passport number, government ID number, bank account number, date of birth, or other similar identifiers.

California Customer Records Personal Information categories.
(Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, billing or mailing address, telephone number, passport number, driver's license or government identification card number, bank account number, credit card number, debit card number, or any other financial information.

Some personal information included in this category may overlap with other categories.

C. Protected classification characteristics under California or federal law.

Age (40 years or older) and sex (gender).

D. Commercial information.

Commercial information, including records of products or services purchased, obtained, considered, or other purchasing or consuming histories or tendencies on our Site.

E. Biometric information.

Photograph to validate your identity.

F. Sensory Data

Audio recordings from customer service phone calls.

G. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

H. Geolocation data.

Physical location or movements.

I. Inferences drawn from other Personal Information.

Inferences drawn from any information identified in this subdivision to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, by visiting our website, filling in forms on our website, or corresponding by phone, email, or otherwise.

  • Indirectly from you. For example, by use of passive website cookies to observe your actions when you browse pages on our Website.

  • Third‐party business partners. For example, online interactions you may have with our service providers, online identity and fraud verification services, social media sites, and analytics providers.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you ask a question about our services, we will use that personal information to respond to your inquiry. If you provide your personal information to pay for services, we will use that information to process your payment information and provide you with an invoice. We may also save your information to communicate with you.

  • Website: To provide, support, personalize, and develop our Websites, products, and services, including the delivery of content, product and service offerings and targeted offers via email or text message (with your consent, where required by law).

  • Fraud and Security Purposes: To create, maintain, customize, and secure your account with us and to process your requests, purchases, transactions, and payments and prevent transactional fraud. To also help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.

  • Service and Support: To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

  • Legal and Regulatory Requirements: To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

  • To manage the day‐to‐day business needs including, but not limited to, payment processing and financial account management, business planning and forecasting, security and fraud prevention, and compliance with legal and regulatory obligations.

  • To gather broad demographic information and to monitor the level of activity on our Site.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category

A. Identifiers

B. California Customer Records Personal Information categories.

C. Protected classification characteristics under California or federal law.

D. Commercial information.

E. Biometric information.

F. Sensory Data

G. Internet or other similar network activity.

H. Geolocation data.

I. Inferences drawn from other Personal Information.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Service providers.

  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with our Services.

  • Social networks

  • Merchants

  • Partners

  • Government agencies including to support regulatory and legal requirements.

Sales of Personal Information

In the preceding twelve (12) months, we have not sold personal information.

Your Rights and Choices

If you are a California resident, you have the right to request that we:

1. Disclose to you the following information covering the 12‐month period prior to your request (“Access Request”):

  • The categories of personal information we collected about you.

  • The categories of sources for the personal information we collected about you.

  • Our business or commercial purpose for collecting that personal information.

  • The categories of third parties with whom we share that personal information.

  • The specific pieces of personal information we collected about you.

2. Delete any of your personal information that we collected from you and retained, subject to the following exceptions:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

  • Debug products to identify and repair errors that impair existing intended functionality.

  • Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

  • Engage in public or peer‐reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

  • Comply with a legal obligation.

  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer
request to us by either:

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12‐month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

  • Describe your request with sufficient detail that allows us to understand, evaluate, and respond to it properly.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty‐five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12‐month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non‐Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.

  • Charge you different prices or rates for goods or services, including through granting discounts or other
    benefits, or imposing penalties.

  • Provide you a different level or quality of goods or services.

  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA‐permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt‐in consent, which you may revoke at any time.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to support@greenboxpos.com.

Changes to Our Privacy Policy

We reserve the right to amend this privacy Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated Policy on the Website and update the Policy’s effective date. Your continued use of our Websites following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this Policy, the ways in which we collect and use your information described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Please contact our team if you need to access this Policy in an alternative format due to having a disability.

Coyni Documents

Select a document below to view or download.