Safe Harbor 
EUROPEAN UNION PRIVACY POLICY
PURPOSE
eFunds Corporation (collectively,”EFD” or the “Company”) understands and respects the privacy concerns of its clients. EFD has adopted this European Union Privacy Policy (the “Policy”) pursuant to its European Union (“EU”) Safe Harbor certification.
EFD adheres to the Safe Harbor Principles set out at www.export.gov and compliance with this Policy is mandatory. Associates of the Company who violate this Policy are subject to disciplinary action, up to and including dismissal from employment for cause.
SCOPE
This Policy applies to information that pertains to an identifiable individual residing in the European Union (“EU Personal Data”) which EFD acquires pursuant to its performance of services for its clients situated in the European Union (“EU Clients”). This Policy does not apply to: (a) data collected and used by EFD which is not EU Personal Data; (b) the subsidiaries of EFD who do not receive EU Personal Data; or (c) human resources data collected by EFD from its EU associates.
Methods of Data Acquisition
EFD acquires EU Personal Data in the following ways:
- EU Clients send credit and debit card application information to EFD for processing;
- EU Clients send account management related requests such as card status and information changes to EFD for processing;
- Transaction-related data is sent to EFD for processing, either directly from EU Clients or from their merchant customers;
- EU Clients send EFD contact information for its customers so that EFD may contact such individuals to perform account management services;
- EFD contacts individuals at the request of its EU Clients for the purpose of account management;
- individuals contact EFD in order to establish or manage their accounts with the EU Clients;
- EFD supports EU Clients by providing assistance to the EU Client’s technical staff; and
- the EU Client sends information access requests to EFD for processing.
Notice and Consent
In the performance of the above tasks, EFD is acting in accordance with instructions from its EU Clients as set out in its agreements with such clients. Under these agreements, the EU Client is responsible for providing notice to its customers as to what data will be collected and for what purpose the data will be used and to whom it will be disclosed. The EU Client is also responsible for receiving consent, if required, based on such notice.
Data Usage
EFD uses EU Personal Data to perform its obligations under its EU Client agreements, including the following activities:
- Processing opening, change or closing requests for individuals on behalf of the EU Client;
- Processing transaction information on behalf of the EU Client;
- Providing transaction screening services to EU Clients;
- Providing account management services to EU Clients; and
- Providing EU Client support or implementation services for the above activities and for EFD software.
- Processing opening, change or closing requests for cardholder accounts on behalf of the EU Client;
- Processing transaction information on behalf of the EU Client;
- Providing transaction screening services to EU Clients; and
- Providing EU Client support or implementation services for the above activities and for EFD' software.
Disclosure to Third Parties
To provide the above services, EFD will occasionally use an affiliate or a third party agent, but only if authorized to do so in the EU Client agreement and only where the affiliate or agent acts on behalf of and under the guidance of EFD and within the scope of the agreement with the EU Client. Before using such affiliate or third party, EFD assures itself that it is: (a) a Safe Harbor certified company; (b) situated in the EU or a jurisdiction which is recognized by an adequacy finding of the EU data protection authorities; or (c) bound by a written agreement with EFD which provides at least as much privacy protection as is set out herein.
Legal Requirement to Disclose
As a result of legal requirements, EFD may be required to provide personally identifiable information to authorized organizations in order to comply with legally mandated reporting or process requirements.
Data Integrity and Information Security
EFD is committed to ensuring that EU Personal Data received from its EU Clients is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction while it is under the control of EFD, its affiliates or agents. Under the EU Client agreements, EFD is also obligated to follow the security policies of the EU Client.
EFD processing technologies and operations employ a wide range of security measures including: physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of encryption and/or private leased lines for transmissions of EU Personal Data to and from EU Clients; restricted access of personally identifiable information only to those of its employees that need to know the information; and, periodic security audits by internal audit group and third party security experts.
Access to personal data
Most EU Personal Data received by EFD is simply processed and sent back to the EU Client. EFD does not store such data on its servers or otherwise.
An individual who wishes to access any his or her EU Personal Data that is in EFD possession may contact the EU Client to which he or she submitted the data and request access. On receipt of an access request from the EU Client, EFD will provide access except where the burden or expense of providing the access would be disproportionate to the risks to the individual’s privacy or where the rights of a person other than the individual would be violated by such access.
If the EU Client advises EFD that the information pertaining to an individual is found to be inaccurate, EFD will correct, amend or delete it as directed by the EU Client.
Compliance and Enforcement
If an individual to whom this Policy relates has a complaint or dispute, the individual should contact the EU Client who provided the data to EFD. If after contacting the EU Client, the individual's complaint or dispute has not been resolved, s/he can contact the International Centre for Dispute Resolution of the American Arbitration Association at www.adr.org. This organization will provide independent dispute resolution and, should it determine it appropriate, it can also assess sanctions, including damages, for violation of the Policy.
Contacting EFD
If you have any questions about this Policy or the Safe Harbor practices of EFD, please contact:
EFD | eFunds Corporation
Attention: General Counsel
4900 North Scottsdale Road, Suite 1000
Scottsdale, Arizona 85251
U.S.A.