FIS has subscribed to and adheres to the U.S.-EU Safe Harbor program and the U.S. Swiss Safe Harbor program (Safe Harbor Program) by adopting and implementing the Safe Harbor Privacy Principles, which include a set of frequently asked questions (collectively, the Principles). More information about the Safe Harbor Program can be found at http://www.export.gov/safeharbor/. This Policy applies to certain wholly owned direct and indirect subsidiaries of FIS, namely ClearCommerce Corporation, eFunds Corporation, and Fidelity Information Services, Inc.
FIS complies with the U.S.- EU Safe Harbor Framework and the U.S.- Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. FIS certified it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view FIS certification, please visit http://www.export.gov/safeharbor/.
FIS acquires Personal Information in the following ways:
- EEA Clients send credit and debit card application information to FIS for processing;
- EEA Clients send account management related requests such as card status and information changes to FIS for processing;
- Transaction-related data is sent to FIS for processing, either directly from EEA Clients or from their merchant customers;
- EEA Clients send FIS contact information for their customers so that FIS may contact such individuals to perform account management services;
- FIS contacts individuals at the request of its EEA Clients for the purpose of account management;
- Individuals contact FIS in order to establish or manage their accounts with the EEA Clients;
- FIS supports EEA Clients by providing assistance to the EEA Client’s technical staff; and
- EEA Clients send information access requests to FIS for processing.
Information Received From the EEA
FIS provides a wide range of technology products for the banking and payment sectors such as payment processing, acquiring and authorizing card management and business process services, fraud prevention and account management services to EEA Clients. In order to provide these services, FIS receives information about the customers of these EEA Clients including but not limited to: name, office and personal telephone numbers, company and home address, card account numbers and transaction details, card website login credentials, and email address (collectively, Personal Information).
Use of Personal Information
FIS uses Personal Information to perform its obligations under its EEA Client agreements, including the following activities:
- Processing opening, change or closing requests for individuals on behalf of the EEA Client;
- Processing opening, change or closing requests for cardholder accounts on behalf of the EEA Client;
- Processing transaction information on behalf of the EEA Client;
- Providing transaction screening services to EEA Clients;
- Providing account management services to EEA Clients; and
- Providing EEA Client support or implementation services for the above activities and for FIS software.
If we intend to use your information for a purpose that is incompatible with these purposes or if we intend to disclose it to a type of third party not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures.
Agents and Service Providers
We sometimes contract with other companies and individuals to perform functions or services described above if we are permitted to do so under our agreements with EEA Clients. These agents and service providers may have access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us. FIS requires that its agents and service providers that have access to Personal Information received from the EEA either subscribe to the Safe Harbor Principles or are subject to the EU Privacy Directive or another adequacy finding or enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Safe Harbor Principles.
We use reasonable physical, electronic, and administrative safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. FIS processing technologies and operations employ a wide range of security measures including: physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of encryption and/or private leased lines for transmissions of Personal Information to and from EEA Clients; restricted access of personally identifiable information only to those of its employees that need to know the information; and, periodic security audits by internal governance, compliance and audit groups and third party security experts.
We take reasonable steps to ensure that Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information.
Access to Personal Data
You can ask to review and correct the Personal Information that we maintain about you by sending a written request to the address listed at the end of this Policy. However, because most Personal Information received by FIS is processed and sent back to the EEA Client, we recommend that you first contact the EEA Client to whom you submitted the data and request access to your Personal Information from the EEA Client.
Safe Harbor Enforcement and Dispute Resolution
If you have any questions or concerns about this Policy or the Safe Harbor practices of FIS, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Safe Harbor Principles.
Chief Compliance Officer
601 Riverside Avenue
Jacksonville, Florida 32204
Fax Number: 904.438.6036
If after contacting the EEA Client and FIS, an individual’s complaint or dispute has not been resolved, s/he can contact the International Centre for Dispute Resolution of the American Arbitration Association at www.adr.org. This organization will provide independent dispute resolution.