Privacy Policy & Terms and Conditions
Updated January 18, 2024
This Privacy Policy describes the practices and procedures of American Bancard, LLC d/b/a TouchSuite® (“TouchSuite”) including its subsidiaries and affiliates, on the collection, use and disclosure of your information and tells you about your privacy rights and how the law protects you. TouchSuite may provide separate privacy notices that apply to specific products or services which it may offer, in which case this Privacy Notice does not apply. Where this Privacy Notice applies, TouchSuite may provide additional or supplemental privacy notices to individuals at the time we collect their data, which will govern how TouchSuite may process the information provided at that time. We may alter this Privacy Notice as needed for certain products and services and to abide by local laws or regulations around the world, such as by providing supplemental information in certain countries. This Privacy Notice does not apply to TouchSuite’s processing of the personal data of its personnel, such as employees and contractors.
By using our site, you are accepting the practices described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the site.
We reserve the right to modify or amend the terms of our Privacy Policy from time to time to accommodate new technologies, industry practices, regulatory requirements, or for other purposes. We will post any Privacy Policy changes on this page, and if the changes are material, we will provide a more prominent notice. Your continued use of the Sites following the posting of changes to these terms will mean you accept those changes. If we intend to apply the modifications or amendments to this Privacy Policy retroactively or to personal information already in our possession, we will provide you with notice of the modifications or amendments and if required by law, obtain your consent.
Collecting and Using Your Personal Data
Personal Data
We collect personal data about individuals from various sources described below. Personal Data is any information that relates to an identified or identifiable individual. Where applicable, we indicate whether and why individuals must provide us with personal data, as well as the consequences of failing to do so. Personal and other types of data may be collected as follows:
- Information Provided Directly to TouchSuite by Individuals and Third Parties
Personal data may be collected directly from individuals and the parties with which we do business, including prospects, including, but not limited to, parties that interact with us directly, parties to which we provide goods or services (such as clients, banks or financial institutions, merchants, and individuals) (collectively, “clients”), parties that provide services to us (such as vendors) (collectively, “service providers”), and other parties with whom we offer or provide products and services (such as independent sales organizations) (collectively, “partners”). This information may be collected while completing one of our online forms, making an application for one of our products or services, interacting with us in person or on social media, or corresponding with us. Data may include, but is not limited to: (a) contact information, such as name, job title, address, telephone number, and email address, (b) profile information, such as username and password that an individual may establish on one of our websites along with any other information that an individual enters into their account profile, (c) demographic details, such as date of birth, country of citizenship and/or country of residence, (d) information about individuals’ affiliation with a legal entity, such as an individual’s role, (e) photographs, video footage, audio recordings, or written statements provided or captured during a TouchSuite event or when giving a testimonial, (f) government-issued identification numbers (to the extent permitted under applicable law), such as a national identification number (e.g., a Social Security Number, tax identification number, or passport number), state or local identification number (e.g., a Driver’s License or other government-issued identification number), and a copy of your government-issued identification card, (g) feedback and correspondence, such as information you provide when you request information from us, receive customer support, or otherwise correspond with us, including by interacting with our pages on social networking online sites or services, (h) financial account information, such as payment card or bank account details, (i) information about merchants, such as merchant name, merchant ID and category code, merchant location where a transaction occurred, and information about transactions processed by the merchant, (j) information related to the use of TouchSuite products or services, such as account information, spending thresholds, spending activity and patterns, and information about the transactions we process, (k) marketing information, such as your preferences for receiving marketing communications and details about how you engage with our marketing communications, and (l) other information supplied by any prospective employees.
- Information Collected Indirectly from Users and Third Parties
We may receive personal data about individuals who do not interact with us directly. For example, our clients, service providers, and partners may provide us with information about individuals other than themselves when using our products or services. If you are providing us with personal data of another individual, please ensure you have brought this Privacy Notice to their attention. In addition, due to the unique nature of TouchSuite’s business, in many cases, TouchSuite obtains personal data from other participants in a transaction processing chain, such as card associations and debit network operators and their members. The types of information we receive about third parties may include: (a) information about the personnel of our clients, service providers, or partners, (b) information about potential job candidates, such as when a recruiter contacts us about an individual who may become a potential job candidate, (c) information about customers of our clients that our clients send to us or allow us to collect in the context of the services that TouchSuite performs, such as information related to financial transactions initiated by the customer, account registrations, and in some cases information needed to verify a customer’s identity and details of products or services purchased, and as otherwise stated in an applicable specific privacy notice for a TouchSuite or TouchSuite affiliate product or service, and (d) information obtained when processing transactions, such as information about payment transactions. Where our technology is incorporated into a merchant’s mobile application or website, we also may automatically collect certain information of the type described herein as usage data.
- Usage Data
Usage data is collected automatically when accessing our websites. Usage data may include information such as general location information, your device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our websites that you visit, technical information, or data obtained from API’s, the time and date of your visit, the time spent on those pages, the website you visited before browsing to our website, unique device identifiers and other diagnostic data. Certain products or services that we provide, or which merchants may incorporate into their websites or mobile applications may automatically collect additional information, as may be further described in a separate privacy notice. Any usage data does not include the collection of personal data. Our service providers and business partners may collect this type of information over time and across third-party websites. This information is collected via various mechanisms, such as via cookies, pixels, tags, web beacons, embedded scripts, and similar technologies. This type of information may also be collected when you read our HTML-enabled emails. You can choose to disable cookies or to opt out of the use of your browsing history for purposes of targeted advertising.
- Information Collected from Private and Publicly Accessible Sources
We and our service providers may collect information about individuals that is publicly available, including by searching publicly accessible government lists of restricted or sanctioned persons (such as the Specially Designated Nationals and Blocked Persons List), public records databases (such as company registries and regulatory filings), and by searching media and the internet. We and or our third-party verification providers may also collect information from private or commercially available sources, such as by requesting reports or information from credit reference and fraud prevention agencies to the extent permitted under applicable law. We may also maintain pages for TouchSuite and our products and services on a variety of third-party platforms, such as LinkedIn, Facebook, Twitter, YouTube, Instagram, and other social networking services. When you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the third-party platform provides us with information about our pages on those platforms or your interactions with them (e.g. for lead generation purposes), we will treat that information in accordance with this Privacy Notice.
- Sensitive Personal Data
In limited circumstances and when permitted by law, we may request biometric data to confirm your identity, such as when we authenticate a payment using your fingerprint. In some circumstances, we may collect information that may reveal health or medical information, such as when we process transactions at health or medical facilities or pharmacies. In the context of processing employment applications, we may also request sensitive information, such as racial or ethnic origin or information about disability, where required or permitted by law of the country in which you are applying for employment. Outside of these contexts or otherwise as we specifically request, we ask that you not provide us with any sensitive personal data (meaning information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic, health, or biometric information, information about sex life or sexual orientation, or criminal convictions or offenses) through our websites or otherwise to us.
Use of Your Personal Data
TouchSuite May Use Personal Data for The Following Purposes:
- To Provide and Maintain Our Products and Services
TouchSuite provides and maintains its offerings through multiple factors including (a) operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services; (b) fulfilling a payment transaction initiated by you (either with us or our client); (c) managing our relationship with you or your company; (d) carrying out our obligations, and exercising our rights, under our agreement with you or your company; (e) communicating with you regarding your account with us, if you have one, including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages); (f) personalizing the manner in which we provide our products and services; (g) checking for fraud or money laundering and/or managing either our or our clients’ risk; (h) administering and protecting our business; and (i) providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback.
- For Research and Development
Personal data may be used as part of the process of developing or improving our products and services and developing and creating analytics and related reporting, such as regarding industry and fraud trends.
- For Marketing
We may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you. We may contact you with marketing communications using the personal data you have provided to us if you have actively expressed your interest in making a purchase or have made a purchase from us and, in any case, you have not opted out of receiving that marketing, to the extent permitted by applicable law. Where required by law, we will get your express opt-in consent before we disclose your personal data with any company outside of TouchSuite for marketing purposes. You can ask us to stop sending you marketing messages at any time by contacting us using the details in the contact ussection below or clicking on the opt-out link included in each marketing message. Should you choose to opt out of receiving our marketing messages, we will continue to carry out our other relevant activities using your personal data, including sending non-marketing messages. We may use the personal data we collect during events or from your testimonials to produce promotional, marketing, and educational materials. This can include photographs, videos, or audio recordings featuring your image or voice, as well as any statements you provide.
- For TEXT AND SMS
Opting in to receive text messages from Company does not constitute consent for sharing your information with affiliates or third parties for their marketing purposes. We strictly prohibit the sharing of your information with affiliates or third parties for marketing purposes via A2P (Application-to-Person) text messaging. Your privacy and security are of utmost importance to us, and we are committed to safeguarding your information in accordance with our privacy policy. By clicking our agreement you agree to receive calls and/or text messages from AMERICAN BANCARD LLC DBA TouchSuite™ regarding information about my processing application and TouchSuite's™ services and understand that such communications may be made using automated technology. You further agree to TouchSuite's™ terms and privacy policy at https://touchsuite.com/privacy-policy/. We strictly prohibit the sharing of your information with affiliates or third parties for marketing purposes via A2P (Application-to-Person) text messaging. Reply to any message with STOP at any time to stop receiving messages. The frequency of messages varies. Message and data rates may apply. You agree to receive recurring messages from AMERICAN BANCARD LLC, Reply STOP to Opt out. Reply HELP for help. Message frequency varies. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
- To Manage Our Recruiting and Processing Employment Applications
We process personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
- To Comply With Laws and Regulations
We use your personal data as we believe necessary or appropriate to comply with applicable laws and regulations, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
- Compliance, Fraud Prevention and Safety
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our products and services; (b) protect our rights, privacy, safety, or property, and/or that of you or others; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
- With Your Consent
In some jurisdictions, applicable law may require us to request your consent to use your personal data in certain contexts, such as when we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.
- To Create Anonymous Data
We may create anonymous, deidentified, or aggregate data from your personal data.
Retention of Your Personal Data
TouchSuite will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. TouchSuite will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of products and services, or we are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including personal data, is processed at TouchSuite’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. TouchSuite will take all steps reasonably necessary to ensure that our data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal data.
European Economic Area and Switzerland Based Users Data
- Legal Basis for Processing Personal Data
If you are based in the European Economic Area (“EEA”), TouchSuite is the data controller of your personal data unless the data is being obtained by an affiliate, in which case, through the applicable training or local event, they collect, and therefore, control such personal data, which we will strive to make clear at the time of collection. The legal basis for this collection depends on the personal data concerned and the rationale for the collection. Generally, this is done with consent, however, there are instances in which we may need to perform a contract, and therefore require this personal data, or where the processing is in our legitimate interests provided there are no data protection concerns or freedoms infringed upon. There are additional occasions where we have a legal obligation to collect your personal data, and in that instance, whether to comply with legal requirements or to perform a contract, with you, we will notify you at that time.
- International Data Transfers
Your Personal Data may be transferred to, and therefore processed in, countries other than the country in which you are a resident. Our website servers are located within the United States; however, we may process your personal data in jurisdictions where our affiliates/partners and third-party service providers are located. A list of these is available upon request. Our safeguards to your personal data remain the same whether in the United States or abroad, whether with us or our third-party service providers. Those safeguards including the implementation of the European Commission’s standard contractual clauses for transfers of personal data between us and our affiliates to whom we transfer the information which require these companies to protect personal data they process from the EEA or Switzerland in accordance with the applicable European Union Data Protection Laws in effect at the time of process. The standard contractual clauses can be provided upon request
- Security of Your Personal Data
The security of your personal data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We take all reasonable and appropriate steps to protect your personal data in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration and destruction. Such measures may include, but are not limited to, physical access controls, encryption, firewalls, intrusion detection and network monitoring. We maintain annual compliance with Payment Card Industry Data Security Standard (PCI DSS) adopted by the payment card brands for all companies that process, store or transmit cardholder data. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Opt Out Information
You always have the opportunity of opting out of any promotional emails from TouchSuite and its affiliates by either (a) following the instructions that are within each email or (b) emailing any changes to preferences or information to optout. If you wish to utilize your consumer rights under the California Consumer Privacy Act (CCPA), please request a CCPA Consumer Rights Request Form or contact us directly. If you wish to utilize your rights under the General Data Protection Regulation (GDPR) please do the same.
California Based Users Data
- CCPA
The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires that businesses, such as ours, that collect personal data of California residents to make certain disclosures on how they collect, use, and disclose that personal data. These requirements are addressed in this Section; however, this shall be in addition to the Privacy Policy as a whole.
- Collection and Sharing of Personal Data
We do not sell Personal Data as defined by the CCPA. The personal data, which is collected about you, and therefore shared with applicable third parties with whom we share that personal data for a business purpose is defined below:
Categories of Personal Data We Collect | Categories of Third Parties with Which We Share Information for Business Purposes |
Identifiers (e.g., name, address, email address, etc.) | Service Providers and Customers. |
Any categories of Personal Data described in subdivision (e) of Section 1798.80 (e.g., address, telephone number, financial information, etc.) | Service Providers and Customers |
Legally Protected Classifications (e.g., gender, marital status, etc.) | N/A (Not collected) |
Commercial Information (e.g., transaction data, etc.) | Service Providers and Customers |
Internet or Other Network or Device Activity (e.g., browsing history, app usage, etc.) | Service Providers |
Approximate Location Information (e.g., location inferred from your IP address, city, country, etc.) | Service Providers |
Professional or Employment-Related Data (e.g., the name of your employer) | N/A (Not collected) |
Educational Information (e.g., degrees and certifications) | N/A (Not collected) |
Inferences drawn from any of the information identified above | N/A (Not collected) |
- Why We collect this Personal Data
We collect this personal data, identified above, to communicate with you, for marketing and promotional purposes, to develop, improve, and provide support to our service. Additional reasons for collection can be found above in this Privacy Policy.
- Automated Decisions, Credit Reference Agencies and Fraud Prevention Agencies
We sometimes make automated decisions based on your personal data (whether provided by you or collected by us from third parties such as credit reference and fraud prevention agencies). We will only do this where it is required in connection with a contract, authorized by law, or based on your explicit consent. You can contact us for more information on automated decision making.
- California Consumer Rights
You have the right to ask us to disclose certain information to you about our collection and use of your Personal Data over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal data that we collected about you.
- The categories of sources for the personal data that we collected about you.
- Our business or commercial purposes for collecting or selling that personal data.
- The categories of third parties with whom we shared that personal data.
- The specific pieces of personal data we collected about you (also called a data portability request).
- If we sold or disclosed your personal data for a business purpose, we will provide you with two separate lists disclosing:
- sales, identifying the personal data categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.
- Deletion Request Rights
You have the right to submit a request by contacting at optout@touchsuite.com, that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies. Each request must have your first name, last name, email address, company and country/state and such information must match our records prior to the fulfillment of any request.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws (when the deletion of the information is likely to render impossible or seriously impair the research, if you previously provided informed consent).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Global Data Protection
- Data Protection in the European Union, United Kingdom,or Brazil
If you are a “data subject” under applicable data protection law in the European Union, United Kingdom or Brazil, you will have the following rights in relation to personal data that we hold about you:
- Right to Access - to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
- Right to Rectification - to request that we rectify or update any personal data that is inaccurate, incomplete or outdated.
- Right to Erasure - to request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent.
- Right to Restriction of Processing - to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data.
- Right to Withdraw Consent - where you have given us consent to process your personal data, to withdraw your consent.
- Right to Data Portability - to request that we provide a copy of your personal data to you in a structured, commonly used, and machine-readable format in certain circumstances.
- Right to Not be Subject to Automated Decision Making - You have the right not to be subject to automated decision making (e.g., profiling) that significantly affects you, except in the following cases:
- The automated decision is required to enter into, or perform, a contract with you.
- We have your explicit consent to make such a decision.
- The automated decision is authorized by local law of a European Union member state.
However, in the first two cases set out above, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.
To exercise your rights as set out above or to make a complaint or submit an inquiry about our privacy practices, please contact us by (i) email at optout@touchsuite.com or (ii) writing to us at the relevant address set out in the contact us section below. To help protect your privacy and maintain security, we may take steps to verify your identity before we can action your request. If you are located in Europe, you also have the right to make a complaint at any time to a supervisory authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en). If you are located in the United Kingdom, you also have a right to make a complaint to the Information Commissioner’s Office.
- Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers. If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.
- Links to Other Websites
Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Changes to this Privacy Policy
- Updating The Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
- Contact Us
If you have any questions about this Privacy Policy, you can contact us:
- By email: privacy@touchsuite.com
- By mail: 1081 Holland Drive, Boca Raton, Florida 33487