Legal Policies

Protect Your Business

Privacy informing notice

Last updated: May 13,2025

This Privacy Notice ("Notice") describes what personal data Verifone Payments B.V. (formerly known as Avangate B.V.), Avangate Inc., 2Checkout.com Inc or any of their affiliate companies part of the Verifone Payments group doing business as 2Checkout (each "Verifone", "Avangate", "2Checkout", "We", "Us" or "Our") collect, record, store, use and process and how, and it applies to us as long as we process personal data that belongs to individuals ("you").

This Notice ensures compliance with all major applicable data protection and privacy legislation globally, including other relevant laws, to protect your personal data and privacy across all jurisdictions.

2Checkout is part of the Verifone Group. As such, Verifone applies a unified set of privacy and data protection principles globally, ensuring consistent standards across all Verifone entities — including subsidiaries, branches, representative offices, and affiliates — regardless of geographic location, market type, or target customer segment. The full list of Verifone group companies is available here.

Verifone may provide separate privacy notices that apply to specific products or services that we offer, in which case this Notice does not apply. Where this Notice applies, Verifone may provide additional or supplemental privacy notices to individuals at the time we collect their data, which will govern how we may process the information provided at that time. We may alter this Notice as needed for certain products or services.

Important Note!!!

Certain services provided by Verifone Payments entities are subject to anti-money laundering regulations and other legal obligations applicable to financial institutions. In compliance with these requirements, we may be required to perform Know Your Customer ("KYC") checks on our merchants, vendors and assess the risk profiles of shoppers who intend to use specific Verifone Payments services. These checks are essential to ensure the security and integrity of financial transactions and to prevent fraudulent activities.

Please note that your personal data may be transferred outside your country of residence to comply with international regulations. Additionally, if potential risks or concerns are identified, further due diligence may be carried out, and appropriate measures will be implemented as required by law.

For Shoppers: Verifone conducts fraud prevention activities related to online payments, which may include monitoring transaction data, verifying payment details, and applying risk scoring mechanisms to detect suspicious activity ("AML" checks). These measures are designed to safeguard the security of users and protect financial information during online transactions. In certain instances, the processing of personal data may involve scoring or profiling to assess potential risks, as mandated by applicable regulations. Consent will be requested where necessary, and further details on these processes can be found in the relevant sections of our privacy notice.

For Merchants, Vendors and Business Partners (e.g., affiliate marketers, selling partners): Verifone processes personal data in accordance with legal obligations, including the collection of additional information to verify identity, business ownership, financial history, or transaction patterns. This information may also be shared with third-party service providers to facilitate these checks and fraud prevention activities.

We encourage you to carefully review the agreements and terms & conditions to fully understand how Verifone's services, products, and platforms are structured and configured for use.

UNDERSTANDING THIS NOTICE AT FIRST GLANCE

Below, you can find details about how your personal data is processed during the recruitment process. You have the option to quickly review this Privacy Notice using the "Overview" or read the "Full Privacy Notice" for more comprehensive information.

1. OVERWIEW

To make this Privacy Notice more accessible, we've created a quick overview for easy reference. If you need detailed information on specific topics, simply click on the links provided for each section.

This Privacy Notice applies to personal data we collect from the following:

Individuals interacting with Verifone as customers, users, or visitors, whether directly or through our platforms.
Contact persons of corporate customers and partners, acting in their professional capacities.
Visitors to our websites, online portals, and apps.

For more details, refer to Section I. - Introduction.

The name of the relevant data controller is mentioned in Section XII. - Contact.

By utilizing our services and platforms or accessing our websites, the following categories of personal data will be processed:

Identification and contact data: name, email, phone number, billing/shipping address.
Financial and transaction data: payment details, purchase history, bank information.
Usage data: information on how you interact with our websites, including IP address, browser type, and activity logs.
Communication data: any information you provide in emails, support requests, or social media interactions.
Marketing data: Insights gathered from marketing interactions, including preferences and feedback.

For more details, refer to Section II. - Categories of personal data we process.

The data collected will be utilized to:

Fulfill our contractual obligations, such as processing orders and providing customer support.
Comply with legal requirements, including verifying your identity and preventing fraud.
Improve our products and services based on user feedback and usage patterns.
Send marketing communications, if you have given us consent.

Additionally, further information on the processing of sensitive data, including KYC & AML processing activities, automated decision-making, and related processes, is available for clarification in Section III. - Personal data processing activities, Section IV. - Children's privacy and Section IX - Using of cookies and other tracking technologies

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Notice. This includes meeting our legal, regulatory, or contractual obligations. After the retention period expires, your data will either be securely deleted or anonymized.

For more details, refer to Section VII. - Data retention.

All personal data processed is shared with authorized personnel, other Verifone companies, and third parties such as service providers, contractors, and legal authorities to support recruitment, operational needs, and legal compliance. Data may also be transferred internationally with safeguards in place to ensure protection.

For more details, refer to Section V. - Who we share your data and why? and Section X. Where your personal data is held.

As a data subject, you are entitled to several privacy rights, including access to your personal data, rectification, erasure (in certain cases), data portability, and the ability to restrict or object to data processing. These rights may vary depending on the jurisdiction (e.g., EU/EEA, UK, US, Brazil, Turkey). You also have the right to lodge complaints with local data protection authorities. To exercise these rights, please contact Verifone at privacy@verifone.com.

To withdraw your marketing consent or unsubscribe from marketing communications, the necessary details can be found in this section.

For more details, refer to Section VIII. - About your privacy rights.

If you have any questions or concerns, you can contact Verifone's Data Protection Officer (DPO).

The Privacy Notice is updated regularly.

For more details, refer to Section XI.- Amendments and Section XII. - Contact.

2. FULL PRIVACY NOTICE

And from here, you can continue to read the full Privacy Notice.

I. Introduction

1. Applicability of this Notice

This Notice applies to all Verifone Payments entities mentioned below and fully detailed in Section XII. – Contact:

All past, present and prospective customers and end-users who are individuals . This includes one-person businesses, legal representatives or contact persons acting on behalf of our corporate customers.

Non-Verifone customers. These could include anyone who visits a Verifone's websites and platforms as follows:

Verifone Payments BV

https://www.2checkout.com/

2Checkout MyAccount (2co.com)

https://secure.2checkout.com/cpanel/logon.php

https://www.2co.com/

https://blog.2checkout.com/

https://www.avangatenetwork.com

https://secure.avangate.com/affiliates/login.php

https://secure.avangate.com/partners/

http://store.avangate.com/

https://store.2checkout.com/

Whether you are using the websites/platforms mentioned above for free or as a paid service, please note that their use is governed by our "Terms & Conditions".

This Notice does not apply to Verifone's processing of the personal data of its personnel, such as employees and contractors.

2. How we obtain the personal data?

We obtain your personal data in the following ways:

Directly from you during our interactions. This includes data you provide when you become a customer, register for our online services, complete forms,sign a contract with us, use our products or services, contact us through one of our channels.

Indirectly from your employer (when you may act as a legal representative, authorized personnel or contact person of your employer). From third-party partners (including identity and verification providers or screening partners such as credit reference agencies), affiliates, or from publicly available sources.

Automatically when we collect certain information using cookies and similar technologies when you browse our websites.

We process your personal data using both manual and automated methods. While some decisions are made automatically, they are reviewed by our team to ensure accuracy and fairness. Processing is not fully automated, we maintain a human element in our decision-making processes.

II. Categories of personal data we process

3. What is personal data?

Personal data refers to any information that identifies or can be linked to an identifiable natural person. Personal data we process about you includes:

Identification data: your name, date and place of birth, ID number, title/position/role, nationality and a specimen signature, fiscal code/social security number, proxy data (including any associated legal documentation or authorization), access credentials. In the same way, we may be required to collect your age where the applicable law imposes an age limit.

Contact details: e-mail address, phone number, billing/shipping address.

Know our customer data as part of customer due diligence: such as business information, ownership, and control information, identity information, including ID, financial data, information required for Know Your Customer (KYC) obligations, utility bills, credit, litigations and financial history, to prevent fraudulent conduct or behaviour that contravenes international sanctions and to comply with regulations against money laundering, terrorism financing and tax fraud.

Underwriting data: business information, ownership, and control information, identity information, including ID, financial data, information required for Know Your Customer (KYC) obligations, utility bills, credit, litigations and financial history, full name of the business owner, date of birth of the Merchant/business owner, physical address, e-mail address, phone number, SSN (social security number) or TIN (taxpayer identification number), bank information (bank name, account number, routing number), business registration details (legal name, commercial name, registration number, date and place of registration), website URL. This process might also include both processing of sensitive Personal data, namely information on criminal convictions and offenses and politically-exposed persons.

Anti-fraud data: transaction data (details of financial transactions including date, time, amount, location, and parties involved), user information (personal and account information such as name, address, contact details, account numbers), device and location information (data related to the device used for transactions and the geographic location to assess the legitimacy of transactions), authentication and authorization data (information about authentication methods, login attempts, and authorization processes to ensure secure access to accounts and services).

Supplier data: information related to individuals or entities that provide goods or services to Verifone. This data may include contact details, financial information, contractual agreements, performance metrics, and any other relevant information necessary for managing the relationship between Verifone and its suppliers.

Transaction and financial data: such as the credit or debit card number, bank account information, or payment card image, location, purchase amount, date of purchase, information about the purchased items, past purchases, (auto)renewal, chargeback, and refunds.

Computer data collected during the checkout process such as the IP address, browser type, device type, timestamps, operating system, logs activity and reports, mobile device identifier, and geographical location.

Communication data and, in particular, information we collect through various forms of interaction with you including support tickets, emails correspondences, and social media engagements and interactions, when you register for, attend, or participating in industry events, and any personal data you post on forums and discussion groups (in line with legal restrictions).

Marketing data: and, in particular such as demographic information, purchase history, and engagement metrics across our websites, emails and social media platforms, capturing insights into customer interactions, preferences, and responses to our content, social media commentary, customer feedback through surveys and support tickets, and visual or textual content shared by users.

Usage of our website(s) & platforms: and, in particular information related to your usage, such as the type of device you use, including its, unique device identifiers, IP address, operating system version, device settings, location, log data detailing the time and duration of your website visits, search data, and cookie-stored information that uniquely identifies your browser or account.

Audio-visual data: where applicable and legally permissible, we process (i) phone or video calls or chats with our sales or customer care agents, (ii) recordings of business meetings and training sessions involving us (e.g., screnn recording, remote access).These recordings are used to safeguard our premises, verify telephone orders, prevent fraud or train staff.

Sensitive data: we recognize the sensitive nature of certain personal data categories, such as race, ethnic origin, political opinions and information on criminal convictions and offenses. Our processing of such sensitive data is limited and occurs only when strictly required by law. We adhere to the rigorous legal standards governing the handling of this information and implement stringent security measures to protect it. Generally, our policy is to avoid processing sensitive personal data unless it is necessary for legal compliance or specific purposes where enhanced data protection measures are mandated.

Any other data you may provide to us: for example in connection with complaints or requests data, such as details of the complaint and/or request and any supporting documentation or evidence relevant to the complaint and/or request, such as identification data, emails, screenshots, photographs, witness statements, etc. Verifone does not exert control over the quantity or quality of the data you choose to share. Consequently, you bear full responsibility for providing accurate and strictly necessary information. In the same way, we may be required to collect your age where the applicable law imposes an age limit.

III. Personal data processing activities

4. What does processing of personal data means?

Processing of personal data refers to any activity that can be carried out in connection with personal data, such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring or deleting it in accordance with privacy applicable laws.

5. Scope and purpose of personal data processing activities

The following processing activities are conducted in accordance with applicable laws, regulations, best practices, and standard industry procedures. This ensures we fulfill our legal obligations, protect our legitimate interests, and maintain effective business operations. We only use your personal data for:

Purpose of processing

Legal basis of processing

Performing agreements to which you are a party or taking steps prior to entering into these agreements. We use your personal data when you enter into an agreement with us, or when we have to execute our obligations under these agreements.

The processing is necessary for the performance of your contract concluded with Verifone.

Compliance with our legal obligations. We use your personal data to comply with a range of legal obligations and statutory requirements, including banking and financial regulations that oblige us to perform or provide:

Integrity checks: when entering into a customer relationship with you, we have a legal obligation to consult available incident registers and warning systems and national and international sanctions lists.

Identity verification: when entering into a customer relationship with you, we have a legal obligation to confirm your identity (know your customer check). We can do this by making a copy of your identity document, which we will only use for identification and verification purposes. We may also rely on checks performed by financial institutions to verify your identity.

Credit checks: before entering into a customer relationship with you, we have a legal obligation to check whether you qualify as an eligible customer. We assess your credentials from a risk perspective and predict if you can meet your financial obligations towards us as set out in the sub-section Automated decision-making and profiling.

Fraud prevention and anti-money laundering and terrorism financing checks: we have a legal obligation to check for potential fraud, money laundering and terrorism financing. This includes monitoring unusual transactions and sanctions lists as set out in the sub-section Automated decision-making and profiling, examining user behavior and transactional patterns to detect any anomalies or suspicious activities.

Monitoring fraud alerts and incidents: we maintain records of previous fraud incidents, alerts, or reports to identify patterns and enhance our detection mechanisms.

Regulatory and statutory reports to our regulators as set out in section V. Who we share your personal data with and why?

Safety of our premises: we installed CCTV systems to protect our premises and the psihical integrity of our employes and visitors.

Conduct credit reference checks and financial due diligence involves utilizing credit history assessments and other financial evaluations to ensure transparency and integrity in financial transactions. Additionally, we verify creditworthiness and financial stability through rigorous screening procedures.

The processing is necessary to enable Verifone to comply with legal and regulatory obligations to which it is subject.

Business process execution, internal management and management reporting, namely:

Execute business processes, managing internal operations, generating management reports, handling various tasks related to day-to-day operations, ensuring smooth workflow, and providing insights through comprehensive reporting for informed decision-making.

Managing and recovering outstanding debts through contact, repayment plans, and legal actions if necessary and working with third parties (e.g. debt recovery agencies).

Handling legal claims involving Verifone, including gathering information and working with third parties (e.g. laweyrs, accountants, auditors, etc.).Improve, upgrade, and enhance our products or services (including developing new products or services and analyzing our products).

Undertake internal research for technological development (including performing data analysis and processing, market and consumer research, satisfaction research, trend analysis, and financial analysis).

Compile statistics or aggregated reports/forms relating to our offerings. We may use your information in an anonymized, de-identified, or aggregated manner that does not enable direct identification of any individual (including for fraud prevention or analytical purposes).

We process your personal data for a range of purposes that are in our interests as described above. When relying on legitimate interest, we ensure that processing remains proportionate and that your interests, fundamental rights and freedoms are respected. If you would like more information about our reasoning behind our assessment in a specific case, please contact us using the details provided in section XII. Contact.

The processing is based on Verifone legitimate interests to enhance services and products, ensuring business improvement.

Performing marketing and advertising activities. Your personal data may be used to assess your eligibility for additional products or services and for interest-based advertising and marketing. We are committed to not sharing your personal data with third parties for marketing purposes unless explicit permission is granted. We may send you email marketing communications about Verifone and Verifone products or services, invite you to events, or surveys, or communicate for marketing purposes in accordance with applicable law.

The processing is based on your prior and explicit consent.

Where the processing of your personal data is indicated above as contractually necessary for the performance of your contract with Verifone, the collection and provision of this personal data is a prerequisite for the conclusion of your contract with Verifone. Failure to provide such personal data will thus prevent Verifone from entering into such contracts with you.

6. Automated decisions and profiling

Automated decision-making and profiling are practices we avoid whenever possible. However, there are specific situations where such activities are necessary, such as fraud monitoring, terrorism financing, anti-money laundering, cybersecurity attacks, security triggers, and creditworthiness assessments. In these cases, a human factor is always involved to ensure accuracy and fairness.

7. Use of AI

Use of AI by Verifone's suppliers: in today's evolving digital landscape, AI helps companies automate various business processes. Currently, Verifone has not integrated AI into its products or services, but some of our suppliers have. Therefore, please be aware that the use of AI-embedded services or products from our suppliers is not under our direct control. However, we assure you that we only use products and services developed and used in accordance with AI applicable legislation.

Use of AI by Verifone: we use AI to enhance some of our services, including virtual assistants and chatbots, to provide a better user experience. While we strive to deliver accurate and complete information, it is possible that AI may generate false or partial responses. You are responsible for your inputs to the AI service and for deciding whether to act on any outputs. If you encounter any errors in the information provided by our AI services, please XII. Contact.

IV. Children's privacy

Our products or services are not directed at children, therefore you might be asked to check the limit age box when visiting our websites and platforms.

In addition, kindly be informed that the national laws might have a different age threshold at which a child is generally considered to be competent to provide their own consent to processing.

If we discover that accidentally we collected personal data from a child, we will remove that child's personal data from our records as soon as reasonably possible. If you believe we have mistakenly or unintentionally collected personal data of a childr without appropriate consent, please XII. Contact and we will take steps to delete their personal data from our systems.

V. Who we share your personal data with and why?

There are situations in which we need to provide your personal data to other parties involved in the provision of our services and products.

This could include data transfers within Verifone and to third parties, as follows:

Within Verifone:

individuals who have been granted official permission and clearance by the company to access specific systems, facilities, or information. These individuals are entrusted with responsibilities and tasks essential to the operations and security of Verifone's infrastructure, products or services. They possess the requisite credentials, training, and authorization to carry out their designated roles effectively and in accordance with Verifone's policies and procedures. Authorized personnel may include employees, contractors, or partners who have undergone thorough vetting processes and adhere to strict guidelines to ensure the confidentiality, integrity, and availability of Verifone's assets and data.

for internal operational needs and in instances of business restructuring, we may share data with our affiliates. We ensure that your data is used consistently with this Notice. A list of our current group companies locations is available here.

With third parties:

Government, supervisory and judicial authorities according to legal obligation that we have, including disclosing of personal data upon official requests.

Service providers, independent contractors and business partners who assist in delivering our products or services.

Upon your consent: we will share your personal data with other entities when we have your explicit consent to do so.

We might use or share information that has been aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may use or share this information in several ways, including for fraud prevention services or for analytical purposes.

If our business, assets, or operating divisions are acquired by one of our corporate affiliates or a third party (like in a sale, merger, or reorganization), your personal data will be owned by that company, unless local laws state otherwise. In such cases, the acquiring company will follow its own privacy policy, any additional privacy notices, and your privacy preferences you've shared with Verifone before the merger.

VI. How we protect your personal data

At Verifone, safeguarding your personal data is our priority. We employ a combination of appropriate organizational, technical, and physical measures designed to protect your personal data from unauthorized access, destruction, alteration, or disclosure.

We apply an internal framework of policies and minimum standards across all our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. In addition, Verifone employees are subject to confidentiality obligations. To help us continue to protect your personal data you should always contact Verifone if you suspect that your personal data may have been compromised.

Our security infrastructure includes advanced technologies like Secure Socket Layers (SSL), firewalls, captcha and digital certificates. Additionally, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) for enhanced protection. While we strive to secure your personal data, it's important to acknowledge that no system can guarantee absolute security, especially over the internet. However, we are dedicated to continuously enhancing our security protocols and responding promptly to potential threats.

Because submissions of information over the internet are never entirely secure, we cannot guarantee the security of information you submit via the Internet and such submissions are made at your own risk. We encourage you to play a role in safeguarding your personal data by maintaining the confidentiality of your personal data.

VII. Data retention

At Verifone, we retain your personal data only as long as necessary to fulfil the purposes for which it was collected, and generally for the duration of your contract with Verifone, if any. Your personal data may be kept for longer retention periods in archives for documentary and/or evidentiary purposes or in accordance with legal or regulatory retention periods.

Once the retention period is met, we will either securely delete or anonymize it. In cases where deletion is not immediately possible, such as when the personal data is in backup archives, we ensure it is securely stored and isolated from further processing until deletion is feasible.

VIII. About your privacy rights

8. Your privacy rights

If your personal data is processed, you have rights. Based on applicable laws, your personal data protection rights may vary from jurisdiction to jurisdiction.

Please be advised that while this Notice specifically outlines data subject rights within the EU/EEA, UK, USA, Turkey and Brazil, it's possible that you may have additional data subject rights based on the laws of your country. If this applies to you, please contact us so that we can accommodate and address any data subject rights recognized by your national privacy legislation.

Your feedback and cooperation are essential in ensuring compliance with relevant regulations and upholding your privacy rights.

European Union / European Economic Area (UE Member States and Switzerland Norway Iceland Lichtenstein)

Right to be informed about the collection and use of your personal data.

Right to access and request copies of your personal data.

Right to rectification and to request inaccurate or outdated personal data be updated or corrected.

Right to be forgotten/Right to erasure, namely the right to request the deletion of your personal data. Note that this is not an absolute right. It can only be granted if one of the grounds provided for in Article 17 of the GDPR applies. Furthermore, Verifone may not respond favorably to a request for deletion in certain cases. This will be the case, for example, if Verifone is required to retain personal data in order to comply with a legal or regulatory obligation or if the processing of your personal data is necessary to establish, exercise or defend legal claims.

Right to data portability, namely, to ask for your personal data to be provided to you in a structured, commonly used and machine-readable format or transferred to another controller. Note that this right only applies to the processing of personal data based on the performance of a contract and which is carried out using automated processes (thus excluding manual or paper-based data processing). This right concerns only the personal data that you provide to Verifone, and therefore does not include derived or inferred data, which personal data has not been communicated by you but created by Verifone. The exercise of the right to portability may not prejudice the rights and freedoms of third parties.

Right to restrict processing of your personal data.

Right to withdraw consent to process your personal data at any time. This withdrawal will not affect past processing activities conducted legally prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.

Right to object, at any time, to the processing of your personal data for marketing purposes.

Right to object right at any time, for reasons relating to your situation, to the processing of your personal data whose legal basis is Verifone legitimate interest.

Other Rights: Depending on the local law of the jurisdiction in which you are located, you may have additional rights in relation to your personal data.

You have the right to lodge a complaint with a local data protection authority if you have concerns about how we handle your personal data. For authority contact details in the European Economic Area, please refer to the directory available here. If you would like to lodge a complaint with the Swiss Data Protection Authority, you may file it using the form available here.

United Kingdom

All the rights listed above regarding European Union/Economic European Area are applicable for you if you are the resident of the United Kingdom, since the UK's privacy rights are aligned with those under the European Union's General Data Protection Regulation (GDPR). Residents in the United Kingdom have the right to lodge a complaint with a supervisory authority, namely to the Information Commissioner's Office (ICO).

You can find more information how to lodge a complaint here.

United States of America

Under the US Data Privacy laws specific data privacy laws enacted by several US States, including but not limited to the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Delaware Personal Data Privacy Act (DPDPA), the Connecticut Data Privacy Act (CTDPA) and the Virginia Consumers Data Protection Act (CDPA), residents of those US States (including but not limited to California, Colorado, Delaware, Connecticut and Virginia) hold specific rights concerning their personal data processed by Verifone.

All the rights listed above regarding European Union/Economic European Area are available to you. In addition, you have the right to:

request access to or deletion of your personal data;

opt out from sale or sharing your personal data (i.e., you can instruct us to cease selling or sharing your personal data);

limit use and disclosure of your sensitive personal data;

no retaliation following opt out or exercise of your other rights as described in this Privacy Notice

We do NOT sell or share your personal data for monetary or other valuable consideration.

Right to Appeal – California and Colorado:

If Verifone does not act on your privacy rights request within the stipulated response period, we will provide a written explanation of the reasons for not taking action and your rights to appeal against the decision.

Right to Appeal – Virginia and Connecticut:

You have the right to appeal a refusal to act on your privacy rights request within a reasonable period. Within 60 days of receiving an appeal, Verifone will inform you in writing of any action taken or not taken in response to the appeal, including reasons for the decisions. If denied, you will be provided with a method to contact the Attorney General of Virginia or Connecticut to submit a complaint.

California and Delaware "Do Not Track" disclosures:

Privacy regulations in the United States, including California and Delaware laws, necessitate Verifone to disclose whether it honors your browser's "Do Not Track" settings concerning targeted advertising.

Brazil

All the rights listed above regarding European Union/Economic European Area are applicable to you if you are the resident of Brazil, since the Brazilian privacy rights are aligned with those under the European Union's General Data Protection Regulation (GDPR).

In addition, residents in Brazil have also the following rights according to the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD):

Right to anonymization: You have the right to request the anonymization of personal data that is unnecessary, excessive, or processed in violation of the law, ensuring that your data can no longer be linked to you or any other individual.

Right to lodge a complaint: you can lodge a complaint with the National Data Protection Authority (ANPD).

Turkey

All the rights listed above regarding European Union/Economic European Area are applicable to you if are the resident of Turkey, since the Turkish privacy rights are aligned with those under the European Union's General Data Protection Regulation (GDPR).

In addition, residents in Turkey have also the following rights according to the Turkish Personal Data Protection Law (KVKK):

Right to anonymization: You have the right to request the anonymization of personal data that is no longer necessary or processed in violation of the law, ensuring that your data can no longer be associated with you or any other individual.

Right to lodge a complaint: You have the right to lodge a complaint with the Turkish Data Protection Authority (KVKK).

Now that You are aware of the rights you may benefit from, you can access further information within the sub-sections 9. Supplementary information on exercising your privacy rights, as well as 10. Where to exercise your privacy rights.

This Notice should be read in conjunction with the above-mentioned regulations, which supplement but do not override it. In cases of discrepancies, the relevant national privacy law will prevail.

9. Supplementary information on exercising your privacy rights

Please note that while we strive to promptly address your requests, there may be specific situations in which Verifone is unable to immediately implement your request.

Therefore, kindly be informed that:

You can choose to withdraw consent at any time, only if the processing activity rely solely on your consent. This withdrawal will not affect past processing activities conducted legally prior to your withdrawal, nor will it affect the processing of Your personal data conducted in reliance on lawful processing grounds other than consent.

if You choose to exercise the right to erasure, it's important to note that Verifone may still have legal obligations to retain your personal data. The right to be forgotten would typically apply in the following circumstances:

when Your personal data is no longer necessary for its original purpose;

if you withdraw your consent for its processing;

when You object to the processing of your data for Verifone legitimate interests or for receiving personalized commercial messages;

in cases where Verifone unlawfully processes your personal data; or

if local laws require Verifone to erase your personal data.

if you choose to exercise the right to object to Verifone use of Your personal data for its legitimate interests if You have a valid reason. We will carefully review your objection and assess whether processing your information would have any undue impact on you that warrants discontinuing the processing of Your personal data. However, please note that You may not object to us processing Your personal data in cases where:

We have a legal obligation to do so; or

processing is necessary to fulfill a contractual obligation with You.

10. Where to exercise your privacy rights

When exercising your right, the more specific you are with your application, the better we can assist you with your question. We may ask you for a copy of your ID, or additional information to verify your identity.

We want to address your request as quickly as possible. However, based on your location and applicable laws, the response times may vary. Should we require more time to complete your request, we will notify you without undue delay and provide reasons for the delay.

To exercise any of your rights, please see section: XII. Contact

11. Accuracy of the personal data

Verifone is committed to maintaining the accuracy of your personal data held within its systems. To ensure the accuracy and relevance of this data, Verifone may conduct periodic campaigns to update personal data.

However, it is important to note that the accuracy of personal data is a shared responsibility between Verifone and each data subject. Each individual is obligated to provide accurate and up-to-date information and should proactively update their personal data as necessary.

12. Unsubscribe from our marketing communications

You also have the right to opt-out of our marketing communications at any time. Simply click the "unsubscribe" or "opt-out" link in any marketing email from us to stop receiving such updates.

IX. Using of cookies and other tracking technologies

13. Cookies

At Verifone, we use cookies and other tracking technologies to enhance your websites/platforms experience and personalize our products or services in line with legal or functionality requirements. While these cookies don't collect personal data like your name or email, they may be linked to personal data you provide us through other channels.

You can adjust your browser settings to reject cookies, but this may affect your user experience on certain parts of our websites.

For further information, please review our "Cookie Policy".

14. Social media plug-ins

We include plugins on our website from social media networks like Facebook, LinkedIn, and Twitter. You'll see their logos. We also use plugins for embedded video players. These plugins won't gather your personal data unless you activate them and click on the logos or videos. If you do, the plugins activate and send data to the provider. We don't control what data these providers collect or how they process it. For more details, check their privacy policies on their websites.

15. Links to third-party websites

Our Websites may include links external sites not under our control, including those of our partners and suppliers. Please note that we are not responsible for the content or privacy practices of these external websites. This Notice does not apply to these third-party websites; your interactions on these websites are governed by their respective privacy policies and terms.

X. Transfer of personal data

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

Specifically, our third-party service providers and affiliates operate around the world. This means that when we collect your personal data, we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Notice. If you are located in the European Economic Area, where we transfer your personal data to other countries, we rely on:

a) the European Commission adequacy decisions, which acknowledge that the non-EEA countries listed here have national laws that protect personal data to a substantially similar standard required by European Union law (for data transfers from the EEA countries);

b) the European Commission's 2021 Standard Contractual Clauses, which require non-EEA recipients of personal data to continue to protect the personal data they receive to the standard required by European Union law (for data transfers from the EEA countries);

c) International data transfer agreement and the international data transfer addendum have the legislation that guarantees an appropriate level of protection (for data transfers from the United Kingdom);

d) the Swiss Federal Data Protection and Information Commissioner Standard data protection clauses, which require recipients of personal data to protect personal data they receive to the standard required by the Swiss data protection legislation (for data transfers from Switzerland); or

e) other lawful data transfer mechanisms or derogations from data transfer restrictions, including an intra-group data transfer agreement in respect of transfers within our Verifone Group.

Further details can be provided upon request. Please see the contact information below.

XI. Amendments of this Notice

We may change or update this Notice from time to time in response to changing legal, technical, or business developments. When we update this Notice, we will take appropriate measures to communicate to you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.

You can see when this Notice was last updated by checking the "last updated" date displayed at the top of this Notice.

XII. Contact

If you have any questions about this Notice, please contact:

VeriFone Inc.

Atten: Data Protection Officer

Address: 2744 N University Drive, Coral Springs, FL 33065, Unitated States of America

Email: privacy@verifone.com

Verifone Payments B.V. (formerly known as 2Checkout and/or Avangate B.V.)

Attn: Legal Department

Address: Singel 250, Amsterdam, Noord-Holland 1016AB, The Netherlands

Email: dpo@2checkout.com