- Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity. CARDKNOX may collect and analyze non-personal information to evaluate how visitors use the CARDKNOX Website.
2.1. CARDKNOX may gather aggregate information, which refers to information your computer automatically provides to us and which cannot be tied back to you as a specific individual. Examples include referral data (the Web sites you visited just before and just after our site), the pages viewed, time spent at our Web site, and Internet Protocol (IP) addresses. An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our sites, our servers log your IP address to create aggregate reports on user demographics and traffic patterns and for purposes of system administration. Important Notice: If you are a citizen of a country located within the European Economic Area (EEA), please see Section 7 below (“EU General Data Protection Regulation (GDPR)”) regarding how our collection of such information, including IP addresses, relates to you.
2.2 CARDKNOX may also obtain information from merchants or vendors who use the Services (“Users”) and from the customers of such Users (“Customers”). If you are a Customer, when you make payments or transactions utilizing the User’s website or payment application, CARDKNOX will collect some of your transaction information. Cardknox will not collect this information directly from you, but, rather, through the User. Your agreement with the User should explain how the User shares your information with CARDKNOX. If you have any questions regarding the User’s sharing of your information with CARDKNOX, you should direct such questions to the User. Depending on how the User implements the Services, CARDKNOX may collect this information directly from you or from the User. CARDKNOX collects this information in accordance with the rules and regulations of the Card Brands, including Visa, MasterCard, Discover, and American Express. CARDKNOX must collect this information in order for your payment or transaction to be approved by the appropriate Card Association. CARDKNOX discloses your information to the relevant Card Brand, but only to the extent necessary for your transaction to be approved. The type of information that we collect may include payment method information (such as credit or debit card number or bank account information), transaction amount, and date of transaction. Depending on the transaction, we may also collect your name, email address, billing or shipping address, or your transaction history with that respective User. Different transaction methods may require the collection of various categories of information. The User may determine the transaction methods made available to you. The type of transaction information we collect will directly depend on those payment methods utilized.
- Every time you request or download a file from the Web site, CARDKNOX may store data about these events and your IP address in a log file. CARDKNOX may use this information to analyze trends, administer the Web site, track users’ movements, and gather broad demographic information for aggregate use or for other business purposes.
- CARDKNOX may use personal information to offer or provide services that support its activities or those of CARDKNOX participants or members, and their collaboration with CARDKNOX. When accessing restricted CARDKNOX Web pages and portals, your personal user information may be tracked in order to support collaboration, ensure authorized access, and enable communication among participants or members.
- EU General Data Protection Regulation (“GDPR”).
7.1 General. Although CARDKNOX does not actively market or sell our Services or products in the European Economic Area (“EEA”), we may, in order to continue serving an existing business relationship, collect or transfer personal information from Customers located within the EEA (“Data Subjects”). Personal information that may be collected by us from a Data Subject in the EEA may include: name, billing and/or shipping address, IP address, phone number, email address, payment method information (such as credit or debit card number or bank account information), transaction amount, date of transaction, and transaction history with a specific User.
7.2 Lawful Grounds to Process and Obtain Consent. Data Subjects whose personal information is collected in the EEA may withdraw consent at any time where consent is the lawful basis for processing the Data Subject’s information. Should a Data Subject withdraw consent for processing or otherwise object to processing that impedes our ability to comply with applicable regulations, a Data Subject may be unable to avail him/herself of our Services or products.
7.3 Data Subjects’ Rights. All individuals whose personal information is held by CARDKNOX have the right to:
- Ask what information CARDKNOX holds about them and why;
- Ask for a copy of such information or access to such information;
- Be informed how to correct or keep that information up to date;
- Be informed on how CARDKNOX is meeting its data protection obligations.
Furthermore, for data collected in the EEA, Data Subjects have the right to:
- Ask for a copy of such information to be sent to a third party;
- Ask for data to be erased if possible and required under GDPR;
- Ask for processing of personal information to be restricted if possible and required under GDPR;
- Object to processing of personal information if possible and required under GDPR;
- Object to automated decision-making where applicable; and
- Contact a supervisory authority in the EEA to lodge a complaint regarding CARDKNOX’s processing of your personal data.
7.4 Non-Disclosure of Information. CARDKNOX does not share any nonpublic personal information with any nonaffiliated third parties, except in the following circumstances:
- As necessary to provide the service that a Customer or Data Subject has requested or authorized, or to maintain and service the Customer’s Data Subject’s account;
- As required by regulatory authorities or law enforcement officials who have jurisdiction over CARDKNOX and its affiliates or as otherwise required by any applicable law; and
- To the extent reasonably necessary to prevent fraud and unauthorized transactions.
CARDKNOX employees are prohibited, both during and after termination of their employment, from disclosing nonpublic personal information to any person or entity outside CARDKNOX, including family members, except under the circumstances described above. An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our Services to the Customer or Data Subject.
7.5 Contact Information for Persons Located Within the EEA. If you are located in the (“EEA”) or Switzerland and have questions or concerns regarding the processing of your personal information, you may contact us at: email@example.com (reference “GDPR” in the subject line), or write to us at: Cardknox Development Inc., 465 Oak Glen Road, Howell, New Jersey 07731 USA. If as an EEA Citizen, you believe that we have not adequately resolved any such issues, you have the right to contact the EU supervisory authority.
- We respect the privacy of every individual who uses the Site and we will only process and use the data obtained through the Site for our own business purposes. CARDKNOX uses a variety of means to protect personal information provided by users of the Web site, including using firewalls and other security measures on its servers.
[Last Updated: August 2019]