You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com/uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our web sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our web sites.
We, our third party service providers, advertiser or our partners may also use “web beacons” or clear.gifs, or similar technologies, which are small pieces of code placed on a web page, to monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
Automatic Data Collection
As is true of most websites, we gather certain information automatically. We may combine this automatically collected log information with other information that you provide us or that we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality and to analyze trends in the aggregate and to administer our Sites. The information we may collect by automated means includes:
- Information about the devices our visitors use to access the Internet (such as the IP address and the device, browser and operating system type);
- URLs that refer visitors to our websites;
- Dates and times of visits to our websites; and/or clickstream data
- Internet service provider;
- Referring/exit pages;
- The files viewed on our Sites (e.g., HTML pages, graphics, etc.)
- Information on actions taken on our websites (such as page views and site navigation patterns);
- A general geographic location (such as country and city) from which a visitor accesses our websites or mobile applications; and
- Search terms that visitors use to reach our websites.
Linked Websites and Social Networks
Our websites may provide links to third-party sites for your convenience and information. PrimePay does not control linked websites, and we do not endorse or make any representations about third-party websites. Linked sites may have their own privacy policies, which you should review if you visit those sites. We are not responsible for the content of any sites not affiliated with PrimePay, any use of those sites, or those sites’ privacy practices.
We may also provide social media features on our Sites that enable you to share PrimePay information with your social networks and to interact with PrimePay on various social media websites. This includes social media features, such as the Facebook Like button and widgets, such as the Share this button or interactive mini-programs that run on our websites. Your use of these features may result in the collection or sharing of information about you. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. We encourage you to review the privacy policies and settings on the social media websites with which you interact to help you understand those website’s privacy practices.
PrimePay understands the importance of maintaining the security and accuracy of your personal and payroll information. We utilize advanced industry accepted security practices, including digital certificates, encryption and passwords to protect your personal and payroll information. We employ technological means for the backup and recovery of client information, detection and prevention of viruses and malware and site monitoring. We maintain advanced firewalls and other computer hardware and software to protect against unauthorized access or alteration to client data. These measures implement reasonable physical, administrative and technical safeguards that help us to protect our Client Information from loss or from unauthorized access, use and disclosure.
Secure Sockets Layer (SSL) provides a method to verify that you are logging on to our server and not a site that is impersonating our server. Our server sends a digital certificate to your browser program before you log on with us. SSL lets you verify the identity of a server by viewing the site’s certificate. A certificate is a way of associating a public key to a name. You can verify that you are logged on to our server by viewing our certificate through your browser program.
Once the server is authenticated via SSL, your browser and our server will establish a secret symmetric key. This symmetric key allows your browser and our server to exchange encrypted data and is valid for a single session only. If you log out and later come back to our Website, your browser and our server will negotiate a different symmetric key automatically.
PrimePay provides for the creation of a unique username and password for each user in your organization that must be entered each time a user logs on. Please be aware that passwords can remain in your browser’s cache, which may allow access if your computer is left unattended.
A Further Word About Cookies
To provide additional protection, a timeout feature is used on selected parts of our website. This feature automatically logs you out of your account after an extended period of time.
PrimePay utilizes advanced hardware and software security systems including firewall, attack detection and anti-virus systems.
PrimePay utilizes secure monitored server hosting environments which feature redundant, high bandwidth internet connections from multiple providers, real-time network monitoring and management, 24/7 facilities access monitoring, environmental controls and redundant electricity. Non-H2O fire suppression systems are also utilized to protect the availability of PrimePay internet services.
Children Under 16 Years of Age
Our Services generally provide payroll and related compliance solutions. As such, our Websites are not intended for children under 16 years of age and we do not knowingly collect personal information from children under 16 years of age. If we learn that a user of our Site is under 16 years old, we will promptly delete any personal information that the individual has provided to us.
Personal Rights and Preferences
PrimePay respects your rights to access, correct, amend and erase your personal information or object to the processing of such data. To receive an accounting of the personal information held about you by PrimePay or exercise any other personal rights or preferences regarding your personal information, please contact us at the email address or physical address listed below.
PrimePay will respond to all requests as soon as reasonably possible and in accordance with applicable law and regulations.
How to Contact Us
Attn: Information Security
1487 Dunwoody Drive
West Chester, PA 19380
You will receive confirmation of requested updates or deletions within 10 business days after request is made.
Changes to this Policy
PART II. CALIFORNIA CONSUMER PRIVACY STATEMENT
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), PrimePay is providing the following disclosure for residents in California, including consumers whose information we collect from them directly in signing up for our services and those who visit our Website. In addition to the information provided above, this disclosure further explains our collection and use of your data and rights that may be afforded to you under California law.
This disclosure does not apply to employees of our clients, whose information we are provided and maintain from your employer in performing services. If you have any questions regarding personal information provided to or maintained by PrimePay in this respect, please reach out directly to your employer.
As defined under the CCPA, Personal Information is “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Your Rights in CA:
- Right to Know.
Under California law, you have a right to know: (i) the categories of Personal Information we collect about you, (ii) the categories of sources from which we collect that information, (iii) the business or commercial purpose for collecting such information, and (iv) the categories of third parties with whom we share that information. Additionally, you have a right to request a disclosure of the specific pieces of Personal Information PrimePay has collected and/or maintained about you for the previous twelve (12) months.
Categories of Personal Data Collected & Disclosed
PrimePay may collect the following categories of Personal Information about you in your interactions with us:
Category A: Identifiers such as your name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Category B: Personal information as defined in the California consumer records statute, such as your name, signature, social security number, address, etc.
Category C: Characteristics of protected classifications under California or federal law, such as sex, race, or age.
Category D: Commercial information, such as your purchase history and transaction information.
Category F: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with our Website or applications.
Category G: Geolocation data.
Category H: Audio, electronic, visual, or similar information.
Category I: Professional or employment-related information.
Category J: Education information.
Category K: Inferences drawn from any information identified above to create a profile about you reflecting, among other, your preferences, characteristics, behavior and aptitudes.
Category L: Sensitive personal information, including your social security and other identification numbers, account log-in and credentials.
Sources of Personal Data
We collect Personal Information from you directly and indirectly through your interactions with us. For example, we may collect Personal Information when you complete forms or surveys requesting information regarding a product. We may also collect information indirectly, such as through your interactions with our Websites.
In addition, we collect Personal Information from third party sources, such as clients and partners who may provide your information in connection with our service offerings or marketing opportunities.
Purposes for the Collection of Personal Data
We may collect your Personal Information in order to:
- Perform services: such as maintaining accounts, provide customer service, process payments, or verify customer information;
- Provide advertising and marketing services: including sending you promotional materials or other advertising items that you have or may be interested in;
- Development: to help maintain, develop, improve or enhance our products and services;
- Research: to conduct research regarding technological developments;
- Security detection: to detect security incidents, to the extent that such Personal Information is reasonably necessary and helpful in detecting such incidents;
- Marketing purposes: such as auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards and advertising relating to your current interaction with our websites.
Disclosure of Personal Data
PrimePay does not sell your Personal Information, however, we may disclose such information with certain third-parties either for a valid business purpose, in accordance with applicable law (e.g., law enforcement agencies when required), or with your consent.
Parties to whom we may disclose Personal Information include contractors, vendors and other authorized third-parties to provide specific services, such as support and marketing services.
We also share cookies with third party analytics providers. For more information, please see the section entitled “Analytics” in the General Consumer Privacy Statement.
- Right to Delete or Correct.
PrimePay retains your Personal Information until there is no longer a legitimate business purpose for maintaining such information, unless we are required to maintain that information longer by applicable law.
Under California law, you have a right to request that we delete any and all Personal Information that we have collected or maintain about you. If you make such a request, we will either (i) delete all Personal Information from our records and notify our service providers to delete any Personal Information maintained about you, or (ii) notify you that your request cannot be complied with and for what reason, such as because we need to maintain the information to perform the transacted for services or comply with applicable law.
- Right to Correct Inaccurate Personal Information.
You have a right to request that PrimePay correct any inaccurate personal information collected or maintained by us. If you would like to update or correct such information, please contact us at one of the contact methods designated below.
- Right to Non-Discrimination
If you choose to exercise any of these rights afforded to you, PrimePay shall not retaliate by any means including, but not limited to, denying goods or services, charging different prices for goods or services, or providing different service levels for goods or services. Exercising certain rights may prevent or inhibit your use or access to PrimePay’s Websites or services.
- Right to Opt Out of Sharing of Personal Information
You have a right to opt out of the sharing of your personal information with third parties. If you would like to update your cookie preferences or exercise this right, please contact us at one of the contact methods designated below.
How to exercise your rights.
To submit a request under this California Consumer Privacy Statement, please contact us at firstname.lastname@example.org, (610) 296-4500, or the mailing address listed above.
Part III: EUROPEAN UNION/SWITZERLAND CONSUMER PRIVACY STATEMENT
What Role Does PrimePay Serve in Data Protection?
It is important to note that PrimePay acts both as a Data Controller and a Data Processor within the realm of data protection law compliance, including the European General Data Protection Regulation of 2018 (“GDPR”). As a Data Processor, PrimePay is responsible for safeguarding the data submitted to our services by or on behalf of our customers, including data regarding our client’s employees, as it flows through the suite of services that we offer to our customer, including our payroll processing, benefits administration, and other ancillary services (collectively the “PrimePay Services”). The first part of this European Union/Switzerland Consumer Privacy Statement (the “EU/Swiss Consumer Privacy Statement”) describes how we deal with Data as a Data Processor.
As a Data Controller, PrimePay is responsible for safeguarding the data of visitors to our websites, including our public website – primepay.com – and related sites, as well as our customer solution websites, our customer support websites and other sites through which we communicate or deliver our services (the “Sites”), and all PrimePay Service Information (as defined below). The second section of this EU/Swiss Consumer Privacy Statement describes how we deal with Data as a Data Controller.
As used in this EU/Swiss Consumer Privacy Statement, “personal data” is defined as in the GDPR, and includes any information which, either alone or in combination with other information we hold about you, identifies you, including, for example, your name, postal address, email address and telephone number.
- PrimePay as a Data Processor
PrimePay has entered into separate agreements with our customers to govern the delivery, access, and use of the PrimePay Services, including instructions for the processing of personal data on behalf of our customers.
In some cases, use of the PrimePay Services may allow you to interact with and receive services from other third-party processors (e.g. 401(k) administrators). These third-party services and the collection and use of your personal data by these third parties is governed by such third parties’ respective terms of service and privacy policies. You are responsible for reviewing these third-party terms and policies and you acknowledge that PrimePay is not responsible for the privacy practices of these third parties.
- PrimePay as a Data Controller
Why Do We Need Personal Data? We need certain personal data in order to communicate with you, provide you with the services you request through our Sites, and to address any customer service inquiries you make to PrimePay.
Information We Collect.
PrimePay may collect information about you from various sources. Specifically, we may obtain information about you:
- On our Sites (e.g., when you request information, establish an account, or submit content to our Sites);
- When you call us, email us, or communicate with us through social media; and
- From our affiliates or subsidiaries, service providers, business partners, and other third parties.
The types of personal information we may obtain includes:
- Contact details (e.g., name, postal address, email address, and telephone number);
- Username and password for the account you may establish on our Sites;
- Photographs, videos, comments, and other content you submit to us;
- Information you provide by interacting with us through social media; and
- Other details that you may submit to us or that may be included in the information provided to us by third parties.
How We Use the Information We Collect When Acting as a Data Controller
When you use or communicate with us through the Site, we may use the information we obtain about you to:
- Register you on our Sites and manage and maintain your accounts on our Sites;
- Provide products or services you request;
- Understand your needs and interests and tailor our products and services to suit your personal interests and the manner in which visitors use our Sites, products, and services;
- Communicate with you about products, services, based on the general geographic location transmitted by your mobile device;
- Maintain a record of general transactions on our Sites;
- Respond to your questions and comments and provide customer support;
- Communicate with you through email, website, mobile applications and social media about our products, services, offers, events and promotions, and offer you products and services we believe may be of interest to you;
- Enable you to communicate with us through our blogs, social networks, and other interactive media;
- Operate, evaluate, and improve our business and the products and services we offer;
- Analyze and enhance our marketing communications, and strategies (including by identifying when emails sent to you have been received and read);
- Analyze performance of our services and technology and to analyze trends and statistics regarding visitors’ use of our Sites, mobile applications, and social media assets, and the transactions visitors conduct on our Sites;
- Protect against fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;
- Comply with applicable legal requirements and industry standards and our policies.
We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Information We Share
We also may disclose information about you (i) if we are required to do so by law such as to comply with a subpoena or other legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Your Rights When PrimePay is Your Data Controller
If PrimePay is your Data Controller as described above and you wish to exercise any of the following rights, please contact us using the details below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
Access. You may access the information we hold about you at any time by contacting us directly.
Amend. You can also contact us to update or correct any inaccuracies in your personal data.
Move. Your personal data is portable – i.e., you to have the flexibility to move your data to other service providers as you wish.
Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.
PrimePay will retain and use your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. The user account will remain active until responsible contracting company has either disabled the account or termination of service contract with PrimePay.
How We Protect Personal Information
We maintain appropriate administrative, technical and physical safeguards designed to protect the personal information you provide on our Sites against accidental unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Other personal information (not including payment card information) may be transferred unencrypted and involve (i) transmissions over various networks and (ii) changes to conform and adapt to technical requirements of connecting networks or devices. However, PrimePay will use commercially reasonable efforts, like secure socket layer (SSL), to encrypt information such as your login credentials during transmission.
Please note that no electronic transmission of information can be entirely secure. We cannot guarantee that the security measures we have in place to safeguard personal information will never be defeated or fail, or that those measures will always be sufficient or effective.
EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield
PrimePay participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. PrimePay is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. PrimePay is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. PrimePay complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, PrimePay is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, PrimePay may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the appropriate Data Protection Authority for: European Union Members or Switzerland.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
How to Contact Us
If you have any questions or comments about this European Union/Switzerland Consumer Privacy Statement, or if you would like us to update information we have about you or your preferences, please contact us by email at email@example.com. You also may write to:
Attn: Information Security
1487 Dunwoody Drive
West Chester, PA 19380
You will receive confirmation of requested updates or deletions within 10 business days after request is made.