PRIVACY POLICY FOR EUROPE AND CANADA

Your personal data is being processed by Yapstone International Limited (“YapStone”, “we”, “us” and “our”).

Your privacy is important to us. In order to better protect your privacy, we have developed this Privacy Statement (“Privacy Statement”). We provide payments gateway and third-party payment processor and payment services provider services (collectively “Processing Services”) through which users of online platforms or online marketplaces make payments.

This Privacy Statement applies to you whether you are a property owner, property manager and other payees on whose behalf we perform our Processing Services (“Merchants”), an employee or agent of a Merchant, or an individual contracting with a Merchant (or representing a group of individuals contracting with a Merchant) and using our Processing Services to make a payment to that Merchant. This Privacy Statement explains our online information practices, how we will manage your personal data, why we use it, the choices you can make about the way your information is collected and used by YapStone and how to contact us in relation to this use.

This Privacy Statement is based on these principles:

  1. We will disclose how we use, collect and why we retain your personal data which we collect;
  2. Unless we need to use your information to provide our services to you or to comply with a legal or regulatory requirement:

(a) We will give you an opportunity to restrict our use of your personal data;

(b) We will give you an opportunity to tell us not to give your personal data to others; and

  1. We will give you the opportunity to correct your personal data in our records when it has been erroneously recorded.

These principles and our Privacy Statement apply regardless of how we collect the personal data (electronically or otherwise).

This Privacy Statement (together all policies, notices, and other content which appears on (or which is linked to) YapStone’s website(s), including, without limitation any website operated by YapStone, and any subdomain of any such websites or any mobile application for such websites (collectively, “Websites” or “Website) sets out the basis on which we process any personal data we receive from you (or others on your behalf). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By using our services and/or submitting personal data to YapStone, either directly or via a website, platform, marketplace, software, or other entity which works with YapStone or uses YapStone’s services (“Partners”), you acknowledge that our use of your data is necessary for us to comply with applicable law and to provide Processing Services (on behalf of Merchants) to facilitate payment by users of online platforms or online marketplaces to Merchants to whom the users owe a payment obligation. We will use your data only in accordance with the terms of this Privacy Statement.

YapStone will comply with the Irish data protection regime, in particular the General Data Protection Regulation and any national implementing legislation and the ePrivacy Regulations 2011.

  1. PERSONAL DATA WE MAY COLLECT FROM YOU

We may collect and process the following personal data about you:

(a)        Personal data which you provide to us or one of our Partners or Merchants (such as by filling in webforms, applications, or as part of our customer due diligence procedures), including: information you provide (1) at the time of registering to use our services or our Partners’ services and who later provide such personal data to us; (2) in connection with contracting for or subscribing to the service of one of our Partners or Merchants, content you post on, to or through a Partner or Merchant; (3) in connection with requesting further services from us or any of them; or (4) information you provide when you report a problem to us or any of them in connection with our or their services, which may in each case include, for example, property ownership data, bank account information, address, telephone number, device identification or other sign-on information, geolocation data, and transaction information, as well as the use of such data;

(b)       Information regarding using devices which allow electronic tracking of technical information is further explained below in the section titled IP ADDRESSES, COOKIES AND CLICK-THOUGH URLS;

(c)        Correspondence, where you contact us;

(d)       All responses to optional surveys which you complete;

(e)        Details of the entire lifecycle of transactions you carry out through our services or those of our Partners or Merchants;

(f)        The resources which you access on our Websites or those of our Partners or Merchants, as well as details of your visits to our Websites including, but not limited to, traffic data, location data, weblogs, and other communication data, whether such details are required for our own billing purposes or otherwise;

(g)       When you initiate a payment transaction, financial information such as credit card, debit card, or bank account details in SEPA, BACS, or other Direct Debit Systems;

(h)       Personal data which we are legally required to report to the authorities for certain payment transactions, such as when the payment transaction(s) volumes reaches a certain limit;

(i)        Proof of your identity which we may request from you for identity verification purposes and to comply with applicable law. This may include collecting copies of your passport, driver’s license, utility bill, company information, or other documents we deem necessary to establish your identity, residence, or place of business. Such proofs of identification may be stored electronically on our servers in order to comply with our legal and regulatory obligations;

(j)        Proof of property ownership, verification of bank account, or information which can identify you or verify your identity or location, including your first and last name, telephone number, postal and email addresses, fax number, method of payment information (such as credit card), or the current physical location of you and any device you use to access our Website in connection with the use of our services or those of our Partners or Merchants. Such proof may be stored electronically on our servers in order to comply with our legal and regulatory obligations;

(k)       Your IP address, computer information, and the times of each access to our services or our Websites, which may be tracked against your records with us for purposes of preventing fraud, establishing your identity, creating an audit trail when using the services of YapStone, and to comply with applicable laws; and

(l)        Personal data which you provide in response to competitions which may be made available on our Websites from time to time. You do not have to participate in these; however, if you choose to you may be asked to disclose some personal data. At the time of entering the competition it will be made clear to you who will have access to your personal data and why. You are not obliged to continue with your competition entry; however, if you do so you accept that you may receive a prize. We will process your personal data on the basis that you have consented to its use in these circumstances.

  1. THIRD-PARTY PROVIDERS OF INFORMATION

We may obtain Personal Data relating to you from someone other than you. The Personal Data may be obtained from a variety of sources. The person providing the information will be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, you are made aware of the fact that we will hold information relating to you and that we may use it for any of the purposes set out in this Privacy Statement, and where necessary that it will obtain consent to our use of the information. We may, where required under applicable law, notify you that we have been provided with your Personal Data and provide a copy of this Privacy Statement to you.

  1. IP ADDRESSES, COOKIES AND CLICK-THOUGH URLS

We may collect technical information about your computer, including, where available, your IP address, operating system, and browser type, for system administration and to report aggregate information to our Partners. This is aggregate statistical data about our users’ browsing actions and patterns. We will not sell or license your information to third parties to be used for marketing purposes, unless you have separately agreed to this.

For the same reasons, we may obtain information about your general Internet usage by using a cookie. A cookie is a file containing an identifier (a string of letters and numbers) which is sent by a web server to a web browser, and stored by the browser. Cookies contain information which is transferred to your computer’s hard drive. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. Cookies help us to improve our Website and to deliver a better and more personalised service. Cookies enable us:

  • to estimate our audience size and usage pattern;
  • to store information about your preferences, and to allow us to customise our website according to your individual interests;
  • to speed up the delivery of pages you commonly use; and
  • to recognise you when you return to one of our Websites.

We may use both “session” cookies and “persistent” cookies on our Website, as follows:

Cookie Name Cookie Type (Session/Persistent) Purpose Expiration Time
JSESSIONID Session Application session cookie End of browser session
TS019e8e4a Session Tracking connections, session management End of browser session
pll_language Persistent To determine browser language 1 year
visitor_* Persistent traffic on our Website and any Website hosted for us by Pardot 10 years

 

Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach the specified expiry date.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If you would like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. However, if you select this setting, you may not be able to store your preferences and you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our Website. Disabling a cookie or category of cookies does not delete the cookie from your browser; you will need to do this yourself from within your browser. If you have disabled one or more cookies, we may still use information collected from cookies before your disabled preference was set. We stop, however, using disabled cookies to collect any further information.

We do not use cookies for marketing purposes and we do not share them with third parties.

We may allow third-party service providers to use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of the Services. Third-party cookies help us learn how well our website and services are performing. We use these cookies to understand, improve and research our services available via our website. You can find more information about the third-party service cookies used in the table below.

Service Expiry date Cookie Names Purpose
Up to 2 years from set/update _utma, _utmt, _utmb, _utmc,_utmz, _gatUA-5602371-11, _gid Used to distinguish users and sessions / visits, traffic source or campaign; used to throttle request rate
New Relic Up to 2 years _ga, _JSESSIONID Distinguish users in application performance monitoring; monitor session counts for an application

 

Please note that our Partners may also use cookies on their websites, over which we have no control, but which will be activated if you click through to our Partners’ websites.

We may occasionally use a “click-through URL”. When you click one of these URLs, you pass through our web server before arriving at your final destination. We track click-throughs to help us improve the user experience, determine your interest in particular topics, and measure the effectiveness of our customer communications.

You can learn more about cookies at the following third-party websites:

Please be aware that YapStone is not responsible for the privacy practices of other sites, including our Partners’ websites. We encourage our users to be aware when they leave our Website to carefully read the privacy statements of each and every website which collects personally identifiable information.

  1. WHERE WE TRANSFER AND STORE YOUR PERSONAL DATA

The personal data which we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including Switzerland, India, the Philippines and the United States of America. You acknowledge the transfer to, and storing, or processing outside of the EEA, of your personal data as set out in this Privacy Statement.

Your personal data may also be processed by staff operating outside the EEA and Switzerland who work for us or one of our Partners, Merchants or affiliated companies, or one of our third-party suppliers, or third-party service providers. Such staff maybe engaged in, among other things, the fulfilment of your transaction, the processing of your payment details, improving our Websites and services, technical support, fraud review, and the provision of other support services. YapStone will take all reasonably necessary steps to ensure that where your personal data is transferred, it is treated securely and in accordance with this Privacy Statement.

YapStone may also transfer your personal data to Yapstone Holdings, Inc., the United States-based parent company of YapStone, and/or any of its subsidiaries located in the United States for the purposes specified below, including verifying your identity, your location or payment information in connection with our services or those of our Partners or Merchants, or in order to comply with our legal and regulatory obligations, as well as for group administration and management purposes. For more information in relation to transfer to and storage in the United States of America, please see the section titled COMPLIANCE WITH US-EU PRIVACY SHIELD FRAMEWORK below.

Any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws.

  1. COMPLIANCE WITH US-EU PRIVACY SHIELD FRAMEWORK

YapStone Holdings Inc. adheres to the principles of the US-EU Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from EEA member countries. YapStone Holdings Inc. has certified that it adheres to the Privacy Shield Privacy Principles. For more information regarding how we comply with the US-EU Privacy Shield, please read our statement here: https://www.yapstone.com/legal/privacy-shield

  1. SECURITY

All personal data you provide to us are stored on our secure servers or secure servers licensed for use by us. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our service or Websites, or where you or engage with our customer service team, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Websites; and any transmission is taken at your own risk. Once we have received your information, we will use commercially reasonable procedures and security features to try to prevent unauthorised access.

  1. USES MADE OF YOUR PERSONAL DATA

We use your personal data in the following ways:

(a)        To ensure that content from our Websites is presented in the most effective manner for you and for your electronic device;

(b)       To allow smooth interaction between you and customer support;

(c)        For the purposes of performing the contract by providing you with information, products, or services which you request from us or a Partner;

(d)       To carry out our obligations arising from any contracts entered into between you and us;

(e)        To allow us to carry out our contractual obligations to our Partners or our Merchants in connection with providing Processing Services to facilitate payment by users of online platforms or online marketplaces to Merchants to whom the users owe a payment obligation;

(f)        Where you have consented to its use for the purpose of participating in interactive features of our service, when you choose to do so;

(g)       Where you have consented to its use for the purpose of providing you with information about products or services (whether ours or a third party’s) where you have requested this, or, where you have separately agreed to this, which we feel may interest you;

(h)       To notify you about changes to our products and / or services;

(i)        To comply with our legal obligations by performing the necessary due diligence on you and our customers – including, for example, information necessary to meet legal Customer Due Diligence, Know Your Customer and Anti-Money Laundering obligations, such as name, date of birth and current address of individuals and / or beneficial owners of property, photo identification, utility bill copies or similar documents;

(j)        For our legitimate interests in detecting, investigating, preventing, protecting against, remediating and reducing the risks of chargebacks and fraud in our system, unauthorised transactions, or activity we think is suspicious or may be potentially illegal, unlawful or harmful, to build fraud and credit risk models to assist in the screening of users for the purposes of identifying fraudsters, preventing fraud and minimising associated credit risk, which may include credit checks under the conditions of local law, sharing of relevant data with vendors to improve our system and services, or sharing such data in order to comply with our legal, regulatory or compliance obligations or assist law enforcement with respect to criminal or suspected criminal acts, including responding to a valid request by a law enforcement agency or regulatory or governmental authority, and use or disclosure of such data or information in connection with actual or proposed litigation, or to protect our property, people and other rights or interests; and

(h)       To enforce our Privacy Statement and/or our Terms or any other purpose referenced herein or therein.

Except as permitted in this Privacy Statement and / or as otherwise notified to you or agreed with you at the time we collect your personal data, we will not disclose your personal data to any other third parties except with your explicit permission.

  1. DISCLOSURE OF YOUR PERSONAL DATA

We may disclose your personal data to (i) any affiliate YapStone, including, Yapstone Holdings, Inc. and the subsidiaries of Yapstone Holdings, Inc. and (ii) to Partners and third parties for the following purposes:

(a)        where we have received your personal data from or via an online portal or marketplace through which you rent your property, in particular disclosures of any updates to your personal data, including your bank account details, with such online portal or marketplace, who will use this data in accordance with their privacy policy and terms of service as made available to you by them, for the purposes of your continued use of their services, to enforce their policies, defend and protect the rights, property or safety of themselves or other users of their websites or services, to comply with their legal obligations (including reporting to relevant taxing authorities) or in the interest of national security, public interest or law enforcement in any country where they have entities or affiliates. For example, they may respond to a valid request by a law enforcement agency or regulatory or governmental authority, and they may also disclose data in connection with actual or proposed litigation, or to protect their property, people and other rights or interests;

(b)       if you have requested their services or if you have requested to be provided with information by them;

(c)        if you have done (or have agreed to do) business with them;

(d)       where we are providing you services, and the third party offers services you may be interested in (provided we have obtained the appropriate permission(s));

(e)        in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(f)        if Yapstone International Limited, or Yapstone Holdings, Inc. or any of its affiliates, have substantially all of their assets acquired by a third party, personal data held by it about you may be one of the transferred assets;

(g)       in order: (i) to comply with any legal obligation (including reporting obligations under fraud, anti-money laundering, counter terrorist financing law, or other EU-specific or country specific laws, and other applicable law and regulations); (ii) in order to enforce or apply the Terms of Service or Terms of Use with respect to our services or our Websites; (iii) in order to enforce or apply provisions of any agreement we have with you; or (iv) to protect the rights, property, or safety of YapStone, or its affiliates, our customers, our users, our Partners, or others;

(h)       for the purposes of fraud protection, credit risk reduction, and the prevention and reporting of money laundering or other criminal or suspected criminal activity, including the building of fraud and credit risk models to assist in the screening of users for the purposes of identifying fraudsters, preventing fraud and minimising associated credit risk for YapStone, its Partners, Merchants and other users of its Services;

(i)        where such third parties provide services to us that facilitate the provision of our services to you in order to perform our contract with you;

(j)        pursuant to a valid request or subpoena from law enforcement, regulators, court, or other government body; and

(k)       with your permission.

In any case where we share personal data with a third party controller, the use by that third party of the personal data will be subject to the third party’s own privacy policies and you should consult such privacy policies.

  1. YOUR RIGHTS RELATED TO OTHER WEBSITES

Our Website may, from time to time, contain links to and from the websites of our Partner networks, advertisers, and other affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

  1. MOBILE APPLICATIONS

When you download or use apps relating to our Websites, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, search results, and other personalised content. Most mobile devices allow you to turn off location services. If you have questions about how to disable your device’s location services, we recommend you contact your mobile service carrier or your device manufacturer.

  1. PHISHING OR FALSE EMAILS

If you receive an unsolicited email which appears to be from us or one of our Partners or third parties which requests your Personal Data (such as your credit card number, YapStone login, or password), or which asks you to verify or confirm your account or other personal data by clicking on a link, that email was likely to have been sent by someone trying to unlawfully obtain your information. This is sometimes referred to as a “phishing” or “spoofing.” We do not ask for this type of information in an email. Do not provide the information or click on the link. If you receive any suspected phishing or spoofing emails, please report it to YILprivacy@yapstone.com

  1. PROMOTIONS

Promotions, incentives, or giveaways may be made available through YapStone, our Partners, or third parties from time to time. You do not have to participate in these. However, if you choose to participate, you may be asked to disclose some personal data. Additionally, at the time of entering the promotion, we will disclose in its specific terms and conditions regarding how your personal data will be used. Please do not participate in any promotion if you do not agree to such usage.

  1. RETENTION OF PERSONAL DATA

Generally, we will hold your personal data for as long as you are a customer and use our services to ensure accuracy and to help maintain quality of service or if we are obliged to retain such information for legal, regulatory, fraud prevention and legitimate business purposes.

We are obliged by law to retain AML-related identification and transaction records for six years from the date of the transaction. Other information will be retained for no longer than is necessary for the purpose for which it was obtained by us or as required or permitted for legal, regulatory, fraud prevention and legitimate business purposes. In general, we (or our service providers on our behalf) will hold this information for a period of seven years, unless we are obliged to hold it for a longer period under law or applicable regulations.

We will review your personal data regularly to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.

When it is no longer necessary for us to hold your personal data, we will securely destroy it in accordance with applicable laws and regulations.

  1. YOUR RIGHTS TO YOUR PERSONAL DATA

(a)  Why you should tell us when your details need to be updated

It is important that the personal data we hold about you is accurate and current. We will use reasonable efforts to keep your personal data up to date. However, you agree to notify us without delay in the event of any change in the personal data we hold about you, to enable us to comply with our obligations to keep information up to date. You can contact us using the details set out in the CONTACT US section.

(b)  Your rights in connection with the personal data we hold about you

You have the right to request a copy of your Personal Data from us. This right can be exercised by writing to us.

You also have the right to rectify any errors in, and in limited circumstances, to request deletion, or restriction on the use, of your personal data, and to object to certain uses of your Personal Data, in each case subject to the restrictions set out in applicable data protection laws. Please note, however, where we hold and process your personal data in order to comply with legal obligations e.g. compliance with tax requirements and exemptions, or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your personal data is limited. We are also under no obligation to rectify or delete your personal data where to do so would prevent us from meeting our contractual obligations to you.

In any case where we are relying on your consent to process your personal data, you have the right to change your mind and withdraw consent by writing to us.

Where we are relying on a legitimate purpose of YapStone, a YapStone Affiliate or a third-party recipient of the personal data, in order to use and disclose personal data, you are entitled to object to such use or disclosure of your personal data, and if you do so, we will cease to use and process the personal data for that purpose unless we can show there are compelling legitimate reasons for it to continue or it needs to use the personal data for the purposes of legal claims.

In limited circumstances, you may also have the right to data portability in respect of certain of your personal data, which means you can request that we provide it to you in a structured, commonly used and machine-readable format, or transmit it to your third-party nominee where this is technically feasible.

If you want to exercise your rights regarding your data please contact us at the address set out in the CONTACT US section, specifically setting out in writing your request clearly, including by specifying the personal data to which the request relates. We recommend that you provide as much detail as possible when sending requests to us so that we can deal with your query properly and efficiently.

  1. CONFLICT BETWEEN THIS PRIVACY STATEMENT AND THE TERMS OF SERVICE OR TERMS OF USE OF OUR SERVICES

Where there is a conflict between this Privacy Statement and an explicit provision of the Terms of Service or other Terms of Use related to our Services, this Privacy Statement will prevail over those other Terms.

  1. DISPUTE RESOLUTION AND INDEPENDENT RECOURSE MECHANISM

As a payment processor, we take data security and the integrity of your personal information very seriously. If you have a dispute with us regarding this Privacy Statement or related to our handling of personal data, we will gladly attempt to address your concerns. Please contact us at the address in the CONTACT US section with any concerns.

All disputes related to this policy, the US-EU Privacy Shield Framework or any US-Swiss Framework, or our handling of personal data which cannot be informally resolved through direct communication shall be finally resolved by binding arbitration administered by the American Arbitration Association, and judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. The arbitration will be conducted in the English language, before a single arbitrator.

  1. CHANGES TO THIS PRIVACY STATEMENT

This Privacy Statement is introduced with effect from 11 June 2018. We reserve the right to change this Privacy Statement at any time. Any changes to the Privacy Statement will be either posted on this page or communicated to you in writing by us, where we are legally required to do so.

Changes to this Privacy Statement shall be applicable on the effective date set out in the updated Privacy Statement. The latest version of this Privacy Statement will be available to view on our Websites.

  1. CONTACT US

HolidayRentPayment is the trading name of Yapstone International Limited. Questions, comments, and requests regarding this Privacy Statement are welcomed, and should be addressed to: Legal Department, YapStone International Limited, Unit 7, Mellview House, M1 Retail Park, Drogheda, Co Louth, Ireland or to YILprivacy@yapstone.com

If you are still dissatisfied with how we have handled your personal data, you may contact the Data Commission’s Office and may lodge a complaint by emailing info@dataprotection.ie or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois.

Last updated: 10 June 2018