WHAT WE DO
Ethoca is the leading global provider of collaboration-based technology that enables card issuers, ecommerce merchants and online businesses to increase card acceptance, stop more fraud, recover lost revenue and eliminate chargebacks from both fraud and customer service disputes.
Through the Ethoca Network – the first and only of its kind in the industry – we are closing the information gap between card issuers and merchants. This unique capability makes fraud and customer dispute insight available and actionable in real time.
Our suite of services delivers significant revenue growth and cost saving opportunities for thousands of merchants and hundreds of issuers across the globe. This includes the world’s biggest ecommerce brands and largest banks.
WHAT OUR DATA POLICY EXPLAINS
We are pleased to share our policy and practices relating to the receipt and use of data. This Data Policy explains:
- The scope of this data policy;
- Why we receive information;
- From whom we receive information;
- What type of information we receive;
- How we receive information;
- What we do with received information;
- How we share received information;
- How we secure received information;
- How we dispose of received information;
- How we ensure compliance with our policy;
- Regulatory compliance and cooperation with regulatory authorities;
- How we retain received information; and
- Changes to the data policy.
You will find a paragraph dealing with each of these issues below. Please take the time to get to know our practices.
THE SCOPE OF THIS DATA POLICY
Our Data Policy applies to all the services offered by Ethoca Limited and its affiliates. Our Data Policy does not apply to services offered by other companies or individuals. Our Data Policy also does not cover the information practices of other companies and organizations who advertise or use our services.
WHY WE RECEIVE INFORMATION
We receive information to provide services to members of the Ethoca network. The provision of our services in turn helps reduce the impact of card-not-present fraud on these merchants and issuers.
FROM WHOM WE RECEIVE INFORMATION
We receive information from the card issuers and online merchants who are on the Ethoca network. We never collect information from nor do we deal with the cardholder directly. If you have a concern relating to the information provided to Ethoca, you should speak to either your credit card issuer or the merchant with whom the card transaction was made.
WHAT INFORMATION WE RECEIVE
We receive the information needed to provide services to the members of the Ethoca network. The information consists of data related to card-not-present (i.e. online) card transactions, such as details about disputed and/or fraudulent sales transactions, chargebacks and representments.
HOW WE RECEIVE INFORMATION
Merchants and card issuers provide us with the information in various ways. Some information is included in the agreements which we enter with members of the Ethoca network. Other information is provided via secure application portal interfaces. In all cases, Ethoca confirms with the members of the Ethoca network that such members are authorized to provide Ethoca with the associated data.
WHAT WE DO WITH RECEIVED INFORMATION
We use the information we receive from members of the Ethoca network to provide the existing services, and we use aggregate and statistical data to analyze trends to identify improvements in the existing services and to develop new services.
HOW WE SHARE RECEIVED INFORMATION
We require that entities on the Ethoca network only use the information we receive for the purposes set out in our agreements with those entities. The entities on the Ethoca network are directly involved in receiving information and have confirmed they are legally entitled to have the received information.
We do not share information with companies, organizations, or individuals other than in the course of providing services to members of the Ethoca network unless one of the following circumstances applies:
For external processing
We may provide personal information to our affiliates, other trusted businesses or persons to store or process it for us, based on our instructions and in compliance with our Data Policy and any other appropriate confidentiality and security measures.
For legal reasons
We will share information with companies, organizations and individuals outside of Ethoca if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Ethoca, our users or the public as required or permitted by law.
We may also share general information with our partners to show trends about the general use of our services.
HOW WE SECURE RECEIVED INFORMATION
We work hard to protect Ethoca and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We have technical and non-technical measures in place to protect the confidentiality, availability and integrity of the data we store and process. Such measures include:
  - restricting access;
  - securing configurations;
  - security event monitoring;
  - mandating employee training and awareness; and
  - instituting physical and environmental controls.
- We restrict access to personal information only to those Ethoca employees, contractors and agents who strictly need this access in order to support the services provided.
- We require Ethoca personnel to be subject to strict contractual confidentiality obligations.
- In respect of card data, we are Payment Card Industry (PCI) compliant. We are audited to the PCI security standard each year and are registered as a PCI compliant Service Provider to the Payment Card Industry.
REGULATORY COMPLIANCE AND COOPERATION WITH REGULATORY AUTHORITIES
We regularly review our compliance with our Data Policy and ensure that we comply with the applicable pieces of data protection legislation. Ethoca is registered as a Data Processor with the Data Protection Commissioner of Ireland.
HOW WE DISPOSE OF RECEIVED INFORMATION
Information which has been received for legitimate business purposes but has no further use will be disposed of pursuant to Ethoca retention policies and secure destruction procedures so the information cannot be reconstructed.
HOW WE ENSURE COMPLIANCE WITH OUR PRIVACY PROGRAM
Ethoca has a coordinated program in which it monitors its compliance with this Data Policy. Some examples of the way we ensure compliance are as follows:
- We engage third party auditors to audit our ongoing compliance.
- We train all relevant Ethoca personnel on security and privacy policies and procedures.
- We appoint specific personnel to be responsible internally for strategic oversight and coordination of the Data Policy. Such personnel are responsible for:
  - Relaying evidence of or reports concerning possible violations of codes or security policy or law;
  - Providing information about existing and emerging legal and compliance requirements with respect to privacy and related best practices;
  - Supporting security and privacy awareness and education program efforts;
  - Supporting the development, implementation, and maintenance of information systems security and privacy policies and procedures where required in various areas, units, and functions in the business operation;
  - Acting as an advocate for budget and resource requests related to ensuring the maintenance of effective information privacy and security programs; and
  - Ensuring that appropriate audit services and reporting are in place to detect violations and to evaluate the effectiveness of privacy and security policies and of compliance activities.
HOW WE RETAIN RECEIVED INFORMATION
We retain information only in accordance with the items below:
- Ethoca has data retention policies that meet the requirements of the service and the agreements with our issuers, merchants and other business partners.
- If an entity ceases to be part of the Ethoca network, Ethoca will remove the data originally provided by that entity in accordance with the agreement with that entity. Please note that composite data, which is data that has been contributed by more than one entity on the Ethoca network, may continue to be available to those entities whose data contributed to the composite data, as per our retention policies and our contractual requirements with those entities.
In the event that you believe there has been a breach of this Data Policy, please contact us at Privacy@ethoca.com. We take such matters very seriously. We will investigate the claim and take the remedial actions that are required by the circumstances.
CHANGES TO THE DATA POLICY
Our Data Policy may change from time to time. We will post any Data Policy changes on this page. For a copy of a previous version of the Data Policy, please contact us at Privacy@ethoca.com.