Data Privacy Policy

 

Data Privacy Policy

April 2017

What We Do

Ethoca is the leading global provider of collaboration-based technology that enables card issuers, ecommerce merchants and online businesses to increase card acceptance, stop more fraud, recover lost revenue and eliminate chargebacks from both fraud and customer service disputes.

Through the Ethoca Network – the first and only of its kind in the industry – we are closing the information gap between card issuers and merchants. This unique capability makes fraud and customer dispute insight available and actionable in real time.

Our suite of services delivers significant revenue growth and cost saving opportunities for thousands of merchants and hundreds of issuers across the globe. This includes the world’s biggest ecommerce brands and largest banks.

What Our Data Policy Explains

We are pleased to share our policy and practices relating to the collection and use of data.  This Data Policy explains:

  • The Scope of this Data Policy;
  • Why we collection information;
  • From whom we collect information;
  • What type of information we collect;
  • How we collect information;
  • What we do with collected information;
  • How we share collected information;
  • How we secure collected information;
  • How we ensure compliance with our policy;
  • Regulatory compliance and cooperation with regulatory authorities;
  • How we retain collected information; and
  • Changes to the data policy.

 

You will find a paragraph dealing with each of these issues below.  Please take the time to get to know our practices.

The Scope of this Data Policy

Our Data Policy applies to all the services offered by Ethoca Limited and its affiliates.  Our Data Policy does not apply to services offered by other companies or individuals. Our Data Policy also does not cover the information practices of other companies and organizations who advertise or use our services.

Why We Collect Information

We collect information to provide services to members of the Ethoca network.  The provision of our services in turn helps reduce the impact of card-not-present fraud.

From Whom We Collect Information

We collect information from the card issuers and online merchants who are on the Ethoca network.  We never collect information from nor do we deal with the cardholder directly.  If you have a concern relating to the information provided to Ethoca, you should speak to either your credit card issuer or the merchant with whom the card transaction was made.

What Information We Collect

We collect the information needed to provide services to the members of the Ethoca network.  The information consists of data related to card not present (i.e. on-line) card transactions, such as details about disputed and/or fraudulent sales transactions, chargebacks and representments. 

How We Collect Information

Merchants and card issuers provide us with the information in various ways.  Some information is included in the agreements which we enter with members of the Ethoca network.  Other information is provided via secure application portal interfaces.  In all cases, Ethoca confirms with the members of the Ethoca network that such members are authorized to provide Ethoca with the associated data.

What We Do With Collected Information

We use the information we collect from members of the Ethoca network to provide the existing services, analyze trends to identify improvements in the existing services and to develop new services.

How We Share Collected Information

We require that entities on the Ethoca network only use the information we collect for the purposes set out in our agreements with those entities. We do not share information with companies, organizations and individuals other than in the course of providing services to members of the Ethoca network unless one of the following circumstances applies:

For external processing

We may provide personal information to our affiliates other trusted businesses or persons to store or process it for us, based on our instructions and in compliance with our Data Policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share information with companies, organizations or individuals outside of Ethoca if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request. enforce applicable Terms of Service, including investigation of potential violations.                
  •  detect, prevent, or otherwise address fraud, security or technical issues.
  •   protect against harm to the rights, property or safety of Ethoca, our users or the public as required or permitted by law.

We may also share general information with our partners to show trends about the general use of our services.

How We Secure Collected Information

We work hard to protect Ethoca and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  •  We have technical and non-technical measures in place to protect the confidentiality, availability and integrity of the data we store and process.  Such measures:
  • include restricting access;
  • securing configurations;
  • security event monitoring;
  • mandating employee training and awareness; and
  • instituting physical and environmental controls.
  •  We restrict access to personal information only to those Ethoca employees, contractors and agents who strictly need this access in order to support the services provided. 
  •  We require Ethoca personnel to be subject to strict contractual confidentiality obligations.
  • In respect of card data, we are Payment Card Industry (PCI) compliant.  We are audited to the PCI security standard each year and are registered as a PCI compliant Service Provider to the Payment Card Industry.

Regulatory Compliance and Cooperation with regulatory authorities

We regularly review our compliance with our Data Policy and ensure that we comply with the applicable pieces of data protection legislation.   Ethoca is registered as a Data Processor with the Irish Data Protection Commissioner.

How We Ensure Compliance with Our Data Policy

Ethoca has a coordinated program in which it monitors its compliance with this Data Policy.  Some examples of the way we ensure compliance are as follow:

  • We engage third party auditors to audit our ongoing compliance.
  • We train all relevant Ethoca personnel on security and privacy policies and procedures.
  • We appoint specific personnel to be responsible internally for strategic oversight and coordination of the Data Policy. Such personnel are responsible for:
  • Relaying evidence of or reports concerning possible violations of codes or security policy or law;
  •  
  • Providing information to about existing and emerging legal and compliance requirements with respect to privacy and related best practices;
  • Ongoing notification about privacy policy and any revisions to the existing policy;
  • Supporting security and privacy awareness and education program effort;
  • Supporting the development, implementation, and maintenance of information systems security and privacy policies and procedures where required in various areas, units, and functions in the business operation;
  •  Acting as an advocate for budget and resource requests related to ensuring the maintenance effective information privacy and security programs; and
  • Ensuring that appropriate audit services and reporting are in place to detect violations and to evaluate the effectiveness of privacy and security policies and of compliance activities.

 

How We Retain Collected Information

We retain information only as in accordance with the items below:

  • Ethoca has data retention policies that meet the requirements of the service and the agreements with our issuers, merchants and other business partners.
  •  If an entity ceased to become part of the Ethoca network, Ethoca will remove the data originally provided by that entity in accordance with the agreement with that entity.  Please note that composite data, which is data that has been contributed more than one entity on the Ethoca network may continue to be available to those entities whose data contributed to the composite data, as per our retention policies and our contractual requirements with those entities.

Policy Breaches

In the event that you believe there has been a breach of this Data Policy, please contact us at Privacy@ethoca.com. We take such matters very seriously.  We will investigate the claim and take the remedial actions that are required by the circumstances.

Changes to the Data Policy

Our Data Policy may change from time to time. We will post any Data Policy changes on this page. For a copy of a previous version of the Data Policy, please contact us at Privacy@ethoca.com. 

Ethoca's Connections
7 of 10

Top Online Merchants
Use Ethoca

5,400+

Merchants of All Sizes
Count on Our Services

Global

Network of Major
Card Issuing Banks