Boost Payment Solutions Privacy Notice

Privacy Notice last updated February 2024 

About Boost

Boost Payment Solutions, Inc. founded in 2009 and widely considered a leader in the B2B payments arena, provides corporations and institutions with technology-enabled solutions that optimize commercial card usage and acceptance. Boost is committed to your privacy and to protecting your business information. Boost’s “Privacy Policy” is designed to inform you about our collection and use of personal information. This Privacy Policy outlines how we will use the information you share with us. We reserve the right at any time and without notice to change this Privacy Policy simply by posting such changes on the Boost website. Any such change will be effective immediately upon posting.

At Boost, we take our responsibility to protect the security and privacy of the information we receive extremely seriously. We are continually reviewing our established policies and procedures to ensure that they are appropriate and effective in meeting our commitment to our community, to our customers and to ourselves.

Our employees must adhere to the Boost Privacy Policy. Our employees receive periodic compliance training about the privacy policies and procedures of Boost and its affiliates. We acknowledge that protecting consumer privacy is a key part of our trusted relationship with our clients. Any employee violating the Boost Privacy Policy may be subject to disciplinary action, up to and including dismissal.

While the company takes all reasonable precautions to preserve the integrity of all data and prevent any corruption or loss of all data, in the unlikely of any data breach within our own or our third-party provider systems, Boost will notify any impacted customers or partners in a reasonable time period upon identification and confirmation of breach.

  1.  DEFINITIONS
    1. “Data” includes both Non-Personal Information and Personal Identifiable Information.
    2. “Non-Personal Information” is any information that is not Personally Identifiable Information (defined below). Non-Personal Information includes, without limitation, Personally Identifiable Information that has been anonymized.
    3. “Personal Information,” “personal information,” “Personally Identifiable Information,” “PII,” or “Personal Data” will have the meaning set forth in the applicable data privacy and security laws for the jurisdiction you are located in. In general, Personal Information is non-public information we receive from your use of the Site that can be used, alone or in combination with other information in our possession, to identify a particular person/individual. It may include information such as name, address, telephone number and other personal information you provide us.
    4. “Site” refers to pay.boostb2b.com, including any related blogs, domains, mobile sites, online services, and applications maintained by Boost.
    5. “Boost”, “we,” “us” and “our” means Boost Payment Solutions, Inc.
    6. “You” and “your” mean the individual or entity visiting or using the Site.

2. INFORMATION COLLECTED AND CONSENT

You do not have to provide any Personally Identifiable Information to browse the publicly available pages of the Site; however, in order to obtain or use products or services that are or may be provided through the Site or that we may otherwise offer online or offline (collectively, the “Service(s)”) you may be required to register and/or provide Personally Identifiable Information.

 Personal Information Your Provide Us

We may collect Personal Information from you in a variety of ways, including, but not limited to, when you (i) register on the Site; (ii) fill out forms or fields on the Site or offline; (iii) complete an application for a Service available through the Site; (iv) communicate with us through the Site or by email, mail, text, telephone, facsimile or other electronic means; (v) use the Site or authorize us to access any financial information stored or processed by a third party; (vi) provide us with Personal Information or other information; (v) participate in activities or utilize resources provided by or through Boost. The amount and type of information that Boost gathers depends on the nature of the interaction. Generating Card Processing Agreements and other related documentation that may be required for your company to accept payments through Boost.

Business information collected during the online application process will be used solely for evaluating a supplier or merchant’s suitability for enrollment and to facilitate the boarding process. This information may be shared securely with third parties only as necessary to accomplish these tasks, and the privacy policies of these third-parties may be different from ours. Contact information will not be shared with third parties for marketing purposes but may be used by Boost to periodically share information with you about changes in regulatory compliance, new products, and services.

The personal information we may collect about you may include, depending on the nature of the transaction, the following:

  • First and last name, and middle initial
  • Postal/mailing address
  • Email address
  • Telephone number
  • Geographic area
  • Title
  • Internet protocol address
  • ID verification/Social Security Number
  • Passport information
  • Age/Date of Birth
  • Documents to verify your identity
  • Your occupation
  • Payment information
  • Preferred language
  • Details included in any application
  • Transaction and financial information related to the transaction
  • Services purchased, obtained, or considered
  • Information about your business, if applicable
  • Geolocation data

When submitting information through Boost’s payment portals, you agree to submit only complete and accurate information and attest that the submission of this information does not violate any applicable federal, state, or local laws. You also agree that any personal information shared is provided with the explicit consent of that person.

We will treat as personal information any item that, either alone or together with other information, we could use to identify an individual. Except as described below, we will not share with third parties any personal information without your permission.

By providing your Personal Information to us, you explicitly agree to our collection and use of such information as described in this Privacy Policy. By providing Personal Information belonging to another person, you expressly represent and warrant that you have the authority and right to do so, and that you obtained all appropriate and required consents.

We may also collect your Personal Information from sources that you have authorized to share with us or that you have authorized us to obtain information from.

We collect information about you from third parties related to transactions you are contemplating entering into with us or that you have entered into with us.

If you believe we received our personal information from a source without authority to share your personal information with us, please contact us so that we can resolve your complaint.

Information We Automatically Collect

Boost may collect information about you automatically when you visit the Site, communicate through the Site, or use any of our online Services.

System Information: We may automatically receive certain information from your browser or mobile device, such as your browser type, the operating system of your device, the equipment you use to access the Site, and the unique identifier of your mobile device.

IP Address: We may also receive your IP address and the name of the internet service provider (“ISP”) or your mobile carrier.

Browsing Information: We may collect the URL of the site from which you came and the URL of the site you visit when leaving the Site or any of our online Services. We may also collect information related to your activities on the Site, such as webpages you view and how you interact with those webpages.

Location: We may collect, depending on your device’s settings, location data and other types of information sent from third party services or GPS-enabled devices.

Site Usage: As you use the Site or any of our online Services, we may also collect information about such usage and your actions on the Site, such as pages you viewed, access times, and how long you spend on a page. We may use cookies to collect such information, as described in more detail below. This information is considered Non-Personal Information, which we can use for any purpose, including, without limitation, to help us improve the Site or the Services and to enhance your, and other users’, experience.

Aggregated Anonymized Data: We may also convert personal information into Non-Personal Information by excluding information that is personally identifiable. You acknowledge that Non-Personal Information and Personal Information that is converted into Non-Personal Information belongs to Boost and that Boost has the right to use such general information as it determines in its sole discretion, including, without limitation, publishing reports on trends in the usage of the Site.

2. Cookies and Similar Technologies Used on the Site

The Site or our online Services may use “cookies,” or other identifiers, which may be stored on your device, to recognize you as a user when you return to the Site or use the online Services using the same computer and web browser and to maintain your preferences. We use cookies and other identifiers to identify which areas of the Site or online Services you have visited and how you interact with the Site. We also may use this information to better personalize the content you see on the Site or online Services, serve you with personal advertisements for Boost and third-party products, either via email, on our Site, or on other websites on the internet does not store unencrypted Personal Information in the cookies. We also do not link Non-Personal Information from cookies to your Personal Information.

In general, we use one or more of the four different types of cookies:

Necessary cookies: These cookies are necessary to enable the basic features of the Site, including any of our applications, such as providing a secure login.

Functional cookies: These cookies allow our Site to perform certain functionalities like sharing the content of the Site on social media platforms, collect feedback, and other third-party features.

Performance cookies:  These cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience to visitors.

Advertising cookies: Advertising cookies allow us to select which advertisements and offers you may like. We also use cookies to track online responses to advertisements and other marketing to better understand your interests so that we can present more relevant advertisements and messages to you.

Analytics cookies: Analytics cookies help us improve our website by collecting and reporting information on how you use it, number of Site users, etc.

Disabling Cookies on Your Browser:  Some browsers may allow you to manage the storage of cookies on your device. If supported by your browser, you may set your browser to refuse all cookies (or, sometimes all third-party cookies) or to alert you when a cookie is placed. However, if you select these settings, you may be unable to access certain parts of the Site or the online Services. Unless you have adjusted your browser setting to refuse cookies, the Site and online Services will issue cookies. For more information about how to manage your cookie preferences, use the ‘help’ menu of your web browser or explore the customer support sections of your web browser. To opt-out of all cookies or certain advertising cookies, visit the company website for your browser for instructions.

Opting-out of Personalized Ads: You can opt-out of receiving personalized ads from advertisers and ad networks that are members of the Network Advertising Initiative (“NAI”) or who follow the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising using their respective opt-out tools. The NAI’s opt-out tool can be found here: http://www.networkadvertising.org/choices and the DAA’s opt-out tool can be found here: http://www.aboutads.info/choices/.

In addition, your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for online behavioral advertising (for example, Apple iOS’ Advertising ID and Google Android’s Advertising ID). Please note that opting out does not prevent the display of all advertisements to you.

4. HOW WE USE AND SHARE YOUR PERSONAL IDENTIFIABLE INFORMATION

We will use your personal information to provide the Services that your personal information was shared with us to fulfill. Boost may use personal information for the following purposes:

    1. To improve customer service: Your information helps us communicate more effectively with inquiries and existing customers, and to respond to your customer service requests and support needs.
    2. To personalize user experience: We may use information in the aggregate to understand how our users as a group use the Services and resources provided on the Site.
    3. To improve the Site: We continually strive to improve our Site and the Services based on the information and feedback we receive from you.
    4. To provide products or services and to process transactions: Except as otherwise expressly provided in this Privacy Policy, we will use Data for the purposes of fulfilling our duties and providing the Services. Boost may use Non-Personal Information for statistical analysis, product development, research, or other purposes. We may use the information that you provide about yourself or that you have provided to our customers for the purpose of providing and fulfilling the Services. We do not share this information with outside parties except to the extent necessary to provide the Services.
    5. To send periodic mail, emails, requests for feedback, and surveys: The email address you provide for the Services will only be used to send you information, newsletters, surveys, requests for feedback, and updates pertaining to the Services requested, provided, or that we think you may be interested in. It may also be used to respond to inquiries and/or other requests or questions.
    6. To develop new products or services: We use your Personal Information and Non-Personal Information for research and commercial purposes. The information we collect may be used to develop new Services. Except as otherwise provided in this Privacy Policy, we may use your Personal Information and Non-Personal Information internally or, among other things, to offer our own or third-party Services. Only Boost, its affiliates, subsidiaries, suppliers, and contractors involved in distributing the new Service will have access to your Personal Information. Our affiliates, subsidiaries, suppliers and contractors will be required to use any Personal Information we provide to them only for that intended purpose and subject to the terms of this Privacy Policy.
    7. Fulfillment Obligations: Comply with contractual obligations, relevant industry standards, and our policies.
    8. For marketing: Except as otherwise expressly provided for in this Privacy Policy or except as prohibited by applicable law, Boost may use your Personal Information and Non-Personal Information to enhance its networking, marketing, social, and recruiting activities, and for other similar business purposes. Boost may also use your Personal Information and Non-Personal Information to contact you on behalf of external business partners about a particular offering that may be of interest to you. In these cases, your Personal Information is not transferred to the third party. We may also use Personal Information to provide you with information regarding new products or services or to post testimonials from you related to our Services. Personal Information is not shared with entities outside of Boost other than service providers who assist us in carrying out these business functions. Boost does not use or disclose sensitive Personal Information, such as race, religion, or political affiliations, without your explicit consent.
    9. Compliance with applicable law: We may disclose your Personal Information as we may in our sole discretion determine is necessary or reasonably required to comply with law, applicable regulations, court orders or subpoenas; to enforce our Terms and Conditions; or to protect our rights, property, or safety; or the rights, property, or safety of others.
    10. Security: Mitigate fraud, enhance the security of the Site, and manage institutional risk.
    11. Change in the Site Ownership: If ownership of the Site or of Boost changes, whether in whole or in part, information collected through the Site, or as a result of your use of the Services, your Personal Information may be transferred to the new owner of the Site and/or Boost, as the case may be, and any Services can continue. In that case, your Personal Information would remain subject to the terms and conditions of the applicable version of the Privacy Policy.
    12. Payment Processing: For processing payments related to the Services we provide you.
  1. RETENTION AND STORAGE OF PERSONAL INFORMATION

We retain your Personal Information for as long as necessary to fulfill the purpose for which it was collected and to comply with applicable laws. We use reasonable security precautions to protect your information while in storage.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and applicable legal requirements.

6. SECURITY

We will use commercially reasonable methods to keep your Personal Information secure in our files and systems. All information provided to Boost is transmitted using SSL (Secure Socket Layer) encryption. SSL is a coding system that lets your browser automatically encrypt (or scramble) data before you send it to us. Unfortunately, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information.

7. DO NOT TRACK

Your browser may provide you with the option to send a “Do Not Track” signal to websites you visit. This signal is used to request that websites not send the requesting device cookies, but websites have no obligation to respond to such signal or to modify their operation. Our online sites may not recognize all web browser based “Do Not Track” signals.  However, you may be able to modify your internet-enabled device’s web browser settings to block all cookies or third-party cookies.

8. EXEMPTIONS FROM THE PRIVACY POLICY

Our Privacy Policy does not apply to any information you may send to Boost by email or instant messaging programs (e.g., Instagram, Yahoo, etc.), or through social media networks, even if you open such programs or services by clicking a link displayed on the Site. Email, social media, and instant messages are not recognized as secure communication forms. Please do not send any information you consider private to us by email or instant message or through social media sites (e.g., Twitter, Facebook, etc.) due to the public nature of such postings.

9. LINKS TO OTHER SITES

The Site and the online Services may contain links to other websites. Boost is not responsible for the actions, practices, or content of websites linked to, or from, the Site or the online Services. You understand such websites may require you to agree to their terms of use and that we have no control over these terms. As always, you understand it is your responsibility to verify your legal use of a website, and use of information from the website and the corresponding website owner.

10. AGE OF CONSENT

Boost takes special care to protect the privacy needs of children under the age of 13 and we encourage parents to be an active participant in their child’s online activities. Boost abides by the Children’s Online Privacy Policy Act (COPPA) and other relevant laws. The Site does not target and is not intended for children under the age of 13, and Boost will not knowingly collect Personal Information directly from them. If Boost discovers that a child has provided personal information directly through the Site, Boost will eliminate that data. The Site is only intended for persons 18 years of age or older. If you are under the age of 18, you may not use the Site.

If you have knowledge that a child 13 years of age or younger has submitted personal information to us, please contact us and we will delete the personal information collected belonging to that child. You may contact us by writing to us at the address below. Parents and guardians can also contact us by mail but before any information is disclosed, the parent will be required to provide verification of his/her identity and authority related to any request. We will only send the information to the parent email address in the registration file.

11. CAN-SPAM COMPLIANCE NOTICE

Boost fully complies with the federal CAN-SPAM Act. You can always opt-out of receipt of further email correspondence from us.

12. CALIFORNIA PRIVACY RIGHTS

Under Section 1798.83 of the California Civil Code, residents of California can obtain certain information with whom they have an established business relationship. That information is about the Personal Information those companies have shared with third parties for direct marketing purposes during the preceding calendar year. The law requires companies to inform consumers about the categories of Personal Information shared with third parties, the names and addresses of those third parties, and examples of the services or products marketed by those third parties. Boost does not engage in direct marketing of consumers and does not share Personal Information of consumers with third parties.

 

13. US STATE LAW PRIVACY RIGHTS

Some US states have adopted privacy laws that require specific disclosures. The following explains your rights pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “Act”). Some or all of the rights provided for under the Act are also provided for under the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act and the Virginia Consumer Data Protection Act. Collectively, these privacy laws are referred to as “US State Privacy Laws.”

The US State Privacy Laws supplements the information contained above in our general Privacy Policy and applies solely to visitors, users and others who reside in those referenced states or who’s state has adopted some or all of the privacy rights set forth below. The following terms in this Section 13 supersede any inconsistent terms in any other sections of the Privacy Policy.

We do not sell your personal information

We do not sell your Personal Information. Under US State Privacy Laws, a business that sells personal information to others: 1) must give notice to that person before selling his/her personal information to others; and 2) must provide the right to opt-out of the sale of their personal information.

Your Rights Under US State Privacy Laws

  1. Right to Access and Know. You may request that we disclose the following information:
    1. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
    2. The specific pieces of Personal Information we collected about you;
    3. The business or commercial purpose of collecting or sharing Personal Information about you;
    4. The categories of Personal Information about you that we shared (as defined under the applicable privacy law) and the categories of third parties with whom we shared such Personal Information; and
    5. The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).

Under US State Privacy Laws, the right to obtain “specific pieces” does not grant a right to the whole of any document that contains Personal Information, but only the right to obtain items of your Personal Information. Additionally, you have a right to know “categories” of sources of Personal Information and “categories” of third parties to which personal information is disclosed, but not the individual sources or third parties. Boost does not always track individualized sources or recipients.

  1. Right to Request Correction of your Personal Information. You may request to correct inaccuracies in your Personal Information;
  2. Right to Request Deletion of Your Personal Information. You may request to have your Personal Information deleted;
  3. Right to Opt-out of Sharing for Cross-Context Behavioral Advertising. You may request to opt out of the “sharing” of your Personal Information for purposes of cross-context behavioral advertising.
  4. Right to Data Portability. You have the right to request a copy of your data in a machine-readable format.

Verification of Requests to Exercise Rights. When receiving a request, we will verify that the individual making the request is the resident to whom the Personal Information subject to the request pertains. You may exercise your rights yourself or may use an authorized agent to make requests to disclose certain information about the processing of your Personal Information or to delete Personal Information on your behalf. If you use an authorized agent to submit a request, we may request that you provide us with additional information demonstrating that the agent is acting on your behalf.

Categories of Personal Information We Collect

We collect information that identified you, including information that may identify your household or your device or is reasonably capable of being connected with or linked to you, your household, or your device. “Personal Information” does not include public information available from government records, de-identified or Aggregated Anonymized Data, or information that is protected by certain laws such as HIPAA for health-related information and the Gramm-Leach Bliley Act for certain financial institutions.

How We Use Your Information

See above for how we use your information. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

We are not required to (1) retain your Personal Information if collected for a single one-time service if, in the ordinary course of business, that information would not be retained and (2) re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a way that would be considered personal information.

Request to Delete

We are not required to grant your deletion request if retaining the Personal Information is necessary for us or our service providers to:

  1. Complete the transaction for which the Personal Information was collected, fulfill the terms of a written warranty or product recall, or otherwise perform a contract between us and you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  3. Debug to identify and repair errors that impact existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law.
  5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest when the deletion of the public information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  6. For solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
  7. Comply with a legal obligation.
  8. Internally make otherwise lawful uses of your Personal Information that are compatible with the context in which you provided your Personal Information.

Opt-Out Request

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sharing with third parties. However, you may change your mind and opt back into Personal Information sharing with third parties at any time by mailing us at the address below.

We will only use Personal Information provided in an opt-out request to review and comply with the request. We will act upon your opt-out request within 15 days of receipt.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you Services.
  • Charge you different prices or rates for Services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of Services.
  • Suggest that you may receive a different price or rate for Services or a different level or quality of Services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

14. EU and UK Privacy Rights

This section is for users in the European Union and the United Kingdom (collectively, “EEA”) and supplements the information contained in other sections of this policy and applies solely to all visitors, users and others who are located in the EEA. Any inconsistent terms in any other sections of this policy will be superseded by this Section for EEA residents.

  1. Personal Data. References to Personal Information in this policy are equivalent to “personal data” governed by the General Data Protection Regulation (EU/UK) (collectively and generically, the “GDPR”).
  2. We are the controller of your Personal Information covered by this policy for purposes of the GDPR. Our contact information is provided below.
  3. Legal Bases for Processing. We use your Personal Information only as permitted by law. Our legal bases for processing Personal Information is described in this Section 14 is as follows:
  • To provide Services to you.
  • To perform our contractual obligations.
  • To perform pre-contractual measures.
  • For research and development.
  • To send you marketing communications.
  • For compliance, fraud prevention and safety.
  • To create anonymous data.
  • To comply with applicable law.
  • Processing of Personal Information with your consent.
  • Protect your vital interests or those of another natural person.
  • Processing operations that are pursued by Boost for our legitimate interests or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Information.
  1. Your rights. The GDPR gives you certain rights regarding your personal information.  If you are located within the EEA, you may ask us to take the following actions in relation to your Personal Information that we hold:
  • Right to Access. You have the right to request information about our processing of your Personal Information and give you access to your Personal Information. In addition, you also have the right to know the following information:
    • the purposes of the processing;
    • the categories of Personal Information concerned;
    • the recipients or categories of recipients to whom the Personal Information have been or will be disclosed, in particular recipients in third countries or international organizations;
    • where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the data controller rectification or erasure of Personal Information, or restriction of processing of Personal Information concerning you, or to object to such processing;
    • the existence of the right to lodge a complaint with the Information Commissioner’s Office which is the UK’s data protection regulator;
    • where the Personal Information is not collected from you, any available information as to their source;
    • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.
  • Right to Rectification. You have the right to update or correct inaccuracies in your Personal Information. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
  • Right to Erasure (“Right to be Forgotten”). You have the right to request that Personal Information be deleted without undue delay where one of the following grounds applies, if the processing is not necessary:
    • The Personal Information is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • You withdraw Consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
    • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
    • The Personal Information has been unlawfully processed.
    • The Personal Information must be erased for compliance with a legal obligation in UK law to which the data controller is subject.
    • The Personal Information has been collected in relation to the offer of information society services directly to a child, referred to in Article 8(1) of the GDPR.

If one of the above reasons applies, and you wish to request the erasure of Personal Information stored by us, they may, at any time, contact us via email.

Where we have made Personal Information public and are obliged pursuant to Article 17(1) to erase the Personal Information, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the Personal Information that you have requested erasure by such controllers of any links to, or copy or replication of, those Personal Information, as far as processing is not required. We will arrange the necessary measures in individual cases.

  • Right to Restrict Processing. You have the right to restrict the processing of your Personal Information where one of the following applies:
    • The accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of the Personal Information.
    • The processing is unlawful, and you oppose the erasure of the Personal Information and request the restriction of their use instead.
    • We no longer need the Personal Information for the purposes of the contemplated processing but is required by us to exercise or defend legal claims.
    • You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds of processing override those of yours.
  • Right to Data Portability. You have the right to receive your Personal Information, which was provided to us, in a structured, commonly used machine-readable format.

You shall have the right to transmit such Personal Information to another controller without hindrance from us, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have Personal Information transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

  • Right to Object/Withdraw Consent. You have the right to object to our reliance on our legitimate interests as the basis of our processing of your Personal Information that impacts your rights.  You also have the right to withdraw your consent to our processing of your Personal Information at anytime.
  • Right Not to Be Subject to Automated decision making. You have the right to object to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or affecting you.

Cross-Border Data Transfer. Personal Information voluntarily submitted to us online, via electronic communication, or otherwise, may be maintained or accessed in servers or files in the United States, which the European Union and UK have not deemed to provide “adequate” privacy protection.  If you do not consent to having your Personal Information processed and stored in the United States, please do not provide it to us on the Website or through any other means.

  1. HOW TO SUBMIT A REQUEST TO BOOST TO EXERCISE YOUR PRIVACY RIGHTS.

In the US, EU and UK to exercise your Privacy Rights, you may submit your verifiable consumer requests to Boost at the address or email address set forth below:

Mailing a request to Boost at:

Boost Payment Solutions

767 Third Ave, 12th Floor, New York, NY 1017

 

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request to your Personal Information. Unless otherwise provided for in applicable privacy law, we are not required to provide you with Personal Information more than twice in a 12-month period.

We will not be able to respond to your request to provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

We will try to respond to your request within forty-five (45) days of receipt of your written request (thirty (30) days under the GDPR). If we require more time (up to 90 days) (up to sixty (60) additional days under the GDPR), we will inform you of the extension period in writing. We will deliver our written response by mail or electronically, at your option. For United States based requests, any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions. 

Supervisory Authority. If you are a European Union or United Kingdom resident, you may make a complaint regarding the use of your personal information to your local data protection regulator.  You can find your data protection regulator here:

 

16. YOUR NEVADA PRIVACY RIGHTS

Nevada law (SB 220) permits customers in Nevada to opt-out of the sale of certain kinds of Personal Information. A sale under Nevada law is the transfer of this Personal Information to third parties for monetary consideration so these third parties can then re-sell or license the sold information. We do not sell your Personal Information to third parties as defined in Nevada law. If you are a Nevada resident and wish to opt-out of the sale of your Personal Information, should we change our practices in the future, you must send a request by mail, or electronically.

17. AMENDMENTS

Boost reserves the right to change the Privacy Policy from time to time as its sole discretion with or without notice. Revisions to the Privacy Policy regarding the use of Personal Information are not retroactive.

18. EUROPEAN UNION DISCLOSURE

Personal Information voluntarily submitted to Boost online, via electronic communication, or otherwise, may be maintained or accessed in servers or files in the United States of America, which the European Union has not deemed to provide “adequate” privacy protection. If you do not consent to having your information processed and stored in the United States of America, please do not provide it to Boost. Boost contends that the General Data Protection Regulation (EU) 2016/679 does not apply to its processing of Personal Information and that it is not within the jurisdiction of the EU. All processing of PII is governed by the applicable laws of the United States of America.

19. EMPLOYEES, CONTRACTORS AND JOB APPLICANTS

To view or obtain a copy of our privacy policy related to employees, independent contractors, including individuals that perform work for Boost that are not employees, dependents, emergency contacts and beneficiaries of employees or independent contractors, please contact us. See Section 20 for contact information.

20. Contact

If you have any concerns/inquiries about the way Boost is handling your personal information, please let us know immediately via privacy@boostb2b.com.

About the Information We Collect

Website Visitors

Boost collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, referring site, and the date and time of each visitor request. Boost’s purpose in collecting non-personally identifying information is to better understand how Boost’s visitors use its website. From time to time, Boost may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Boost also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on Boost’s blogs/sites. Boost only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog/site where the comment was left.

Boost may disclose collected information to our affiliates and vendors who assist us with our website. In some cases, this may require your information being sent to other countries. By supplying your information on our website, you consent to your information being transferred across national borders to Boost, its affiliates, vendors or agents.

When submitting information through Boost’s payment portals, you agree to knowingly submit only complete and accurate information and attest that the submission of this information does not violate any applicable federal, state, or local laws. You also agree that any personal information shared is provided with the explicit consent of that person.

Gathering of Personally-Identifying Information

Certain visitors to Boost’s website choose to interact with Boost in ways that require Boost to gather personally-identifying information. The amount and type of information that Boost gathers depends on the nature of the interaction. Generating Merchant Processing Agreements and other related documentation that may be required for your company to accept payments through Boost.

Business information collected during the online application process will be used solely for evaluating a supplier or merchant’s suitability for enrollment and to facilitate the boarding process. This information may be shared with third-parties only as necessary to accomplish these tasks, and the privacy policies of these third-parties may be different from ours. Contact information will not be shared with third-parties for marketing purposes but may be used by Boost to periodically share information with you about changes in regulatory compliance, new products, and services.

All information provided to Boost is transmitted using SSL (Secure Socket Layer) encryption. SSL is a coding system that lets your browser automatically encrypt (or scramble) data before you send it to us. Unfortunately, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information.

Cookies

The Boost website may create a file or a “cookie” on the hard drive of your computer to retain information that is used by our website. These files are used during your online session to ensure your access to our site is authorized and to control certain parameters of your communication session with our site.

IP Addresses

An IP (Internet Protocol) address is a number assigned to your computer for accessing the Internet. All computer identification on the Internet is conducted using IP addresses to allow other computers and servers to recognize and communicate with each other. If a visitor requests pages from the Boost website, the Boost servers enter the visitor’s IP address into a log. We do not associate IP addresses with personal information received from visitors. Boost collects IP addresses to conduct site analysis. We also use IP address information to conduct system administration, manage communication traffic patterns and to investigate threats, mischief, or “attacks” directed at our site or to our visitors.

Please note that Boost does not disclose domain name or aggregate information to third parties other than vendors who assist us with our website and who are under strict confidentiality requirements.

External Links

As you navigate the Boost website, you may click to websites of our affiliated companies, business partners or other third parties. These sites may have their own online privacy statements or policies. This Boost Privacy Policy will not apply when you move to one of these other sites because affiliate privacy practices and policies are tailored to the products and services offered by the individual affiliate. If you do visit the websites of our affiliated business units or partners, please be sure to review the privacy policy that is applicable to those sites.

Boost is not responsible for the privacy practices employed by websites that are linked from our website. Boost does not guarantee, approve, or endorse any information, material, services, or products contained on these links. Boost is not responsible for any content on sites linked from or to the Boost website as we are providing these linked sites as a convenience and your connection to any linked site is at your own risk.

Protection of Certain Personally-Identifying Information

Boost discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information to process it on Boost’s behalf or to provide services available at Boost’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Boost’s websites, you consent to the secure transfer of or sharing of such information to our employees or third-party providers across geographic regions on as needed basis to deliver services or process transactions. Boost will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Boost discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Boost believes in good faith that disclosure is reasonably necessary to protect the property or rights of Boost, third parties or the public at large.

If you are a registered user of a Boost website and have supplied your email address, Boost may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Boost and our products. If you send us a request (for example via email or via one of our feedback mechanisms), we reserve the right to publish it to help us clarify or respond to your request or to help us support other users. Boost takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Storing Personally-Identifying Information

All data collected for the purposes of opening a merchant processing account is encrypted and stored in Boost’s CRM system (Salesforce.com).

How long do we store Personally-Identifying Information?

Data collected, encrypted and stored for the purposes of merchant processing accounts will be kept for as long as account information is required to maintain activity and/or to meet all regulatory and compliance guidelines or requirements.

Your Rights in relation to Personal Data

You have the right to request that Boost close your account and delete any data originally collected to open and maintain processing accounts. Boost will also from time to time contact customers to verify and or update information as needed. You have the right to proactively request confirmation or correction of data directly or through the authorized point of contact listed on the account profile.

Contacting Us

For any questions about these Terms of Service, our Privacy Policy, or the functionality of paymentportal.us, please contact us at 888-222-7122, email us at customerservice@boostb2b.com.