English Icelandic
Merchant Accounts Credit Card Services


DalPay Internet Billing Privacy Policy

Snorrason Holdings ehf and its business units such as DalPay Internet Billing ("DalPay") with primary offices in Dalvík, Iceland take care to protect the privacy and security of the information that you share with us through www.dalpay.com or secure.dalpay.is ("the Website", "this Website", "our Website"). It is important that you understand how we collect, use, and maintain any information you provide us. This Policy explains our approach including our online information practices, the choices you may make about how we collect and use your information at this Website, and the ways you may contact us.

We may change this Privacy Policy from time to time. Changes to this Privacy Policy are effective upon posting here on the Website. Please check back periodically for updates.

The amount, type, and use of information we collect depends on how you use this Website. This Privacy Policy applies only to the practices of DalPay Internet Billing and its employees. We are subject to the requirements of the Icelandic Act on the Protection of Privacy as regards the Processing of Personal Data, No. 77/2000 as amended which complies with the intent of EU Directive 95/46/EC.

Definitions

Personal Information includes, without limitation, your name, contact information (including email address, instant messaging username, and website URL, as applicable), and other individually identifiable information about you.

Non-Identifying Personal Information includes information about your web browsing and other Internet usage, including, without limitation, your Internet service provider, IP address, IP country of origin, browser type and plug-ins installed, the Website that referred you to us, the web pages you request, the date and time of those requests, and our web page entry and exit points.

Aggregated Information is any information about more than one individual where the individual identities are unknown and cannot be inferred from the information. Aggregated Information is not Personal Information.

A Merchant is a business that contracts with DalPay to utilise our payment gateway services to store, process and transmit an end customer's payment card or electronic check data to acquiring banks for charging against their account.

COLLECTION OF PERSONAL INFORMATION

DalPay may collect Personal Information from you, but only if you provide it to us voluntarily, or it is sent to us by your web browser. We also collect Personal Information that you provide to our Merchants, which they pass on to us for secure storage according to industry security standards. You must provide Personal Information in the form of a unique identifier (for example email or username, and password) to enter certain parts of our Website.

COLLECTION AND USE OF NON-IDENTIFYING PERSONAL INFORMATION

As a provider of payment management and risk management services to online businesses worldwide, all activity on our servers is logged and archived as required by industry security standards. During your use of our Website, we will collect certain Non-Identifying Personal Information to allow us to collate statistical trends about the use of the site, as well as to indicate possible misuse or abuse of our services. At no time will this information be sold or traded by us. We retain Non-Identifying Personal Information and use it to establish Website activity trends, monitor Website performance, improve Website design and functionality, and to detect misuse, including the misuse of hijacked "zombie" computers to commit fraud against DalPay and its Merchants. Our collection of Non-Identifying Personal Information may involve the use of cookies, and in some cases, the use of local shared objects AKA "Flash cookies".

COOKIES AND LOCAL SHARED OBJECTS

Cookies (pieces of text stored on a user's computer by their web browser) allow us to provide features such as Website session login.

The Help portion of the toolbar on most browsers will tell you how to configure your web browser to accept cookies, to prevent your browser from accepting cookies that last beyond the current session, to have the browser notify you when you receive a new cookie, or to disable cookies altogether. No Personal Information will be encoded in cookies that are stored on your computer.

Local shared objects (also known as "super cookies", or "Flash cookies"), when deployed, are used to store the same information as can be found inside traditional browser cookies. Our global anti-fraud network partners use them to identify devices that have been previously used to place orders with our Merchants, or with merchants that are part of the global anti-fraud networks, that have resulted in an outstanding financial loss.

You can read here about browser plug-ins to manage local shared objects, and read here how to configure your web browser to accept local shared objects, to prevent your browser from accepting local shared objects that last beyond the current session, to have the browser notify you when you receive a new local shared object, or to disable local shared objects altogether.

CHILDREN/MINORS

We do not knowingly collect, maintain, or use Personal Information from those under the age of 18 years. If you are under 18 years of age, you must not share your personal information with us unless we have received your parent/guardian's written consent, and you have reached the minimum applicable age in your jurisdiction.

USE OF PERSONAL INFORMATION

As a general principle we only collect, use, and disclose Personal Information for purposes that are reasonable given the circumstances. We use only fair and lawful means to collect it. We use Personal Information to provide payment gateway services or to allow you to view your transaction details of an order placed by you with one of the Merchants using our gateway. We may also use Personal Information to provide current and potential customers and merchants with information about our services. At no time will this information be sold or traded by us.

We reserve the right to use or disclose non-personally identifying Aggregated Information for business purposes, in compliance with the relevant Data Protection legislation.

OUR AGENTS

We reserve the right to disclose Personal Information to other companies and individuals from time to time, in order for them to perform functions for us under confidentiality agreements, or under accepted standards of commercial confidentiality. These types of agents include mailing and delivery companies (such as Iceland Post or FedEx, etc.), and other agents who perform functions for, or on, our behalf.

These agents may perform functions including fulfilling of orders, delivering packages, sending postal mail and email, providing customer service and for fraud screening. Where we disclose Personal Information to organizations that perform services on our behalf, we require those organizations to use such information solely for the purposes of providing the contracted services to us, and to protect the Personal Information with appropriate safeguards.

APPLYING FOR A MERCHANT ACCOUNT

When you submit an application to obtain a merchant account through DalPay, you will be required to provide Personal Information. Furthermore, DalPay may also obtain information about you and parties related to you from third party sources, including, without limitation, consumer reporting and credit agencies for underwriting and due diligence purposes.

When we receive an application from a business, we may perform a search with a credit reference agency, and due dilgence agency on the company, and any individual directors or partners.

USE OF GATEWAY SERVICES

As a Merchant

When you apply to use DalPay's online payment processing services, in order to process and manage transactions for Internet merchant accounts connected via our payment gateway services you will be required to provide Personal Information and to enter into a written agreement with DalPay.

As a Customer of a Merchant

If you ordered any products or services from one of the Merchants that use our payment gateway services you are required to submit Personal Information ("Transaction Information"). Such end customers interact with DalPay's secure servers and transmit Transaction Information to DalPay over Secure Socket Layer connections (at least SSLv3 128-bit but usually 256-bit) for the purpose of processing these orders. Transaction Information is maintained on hardened PCI DSS compliant servers located around the world, depending on where the order originates, or the geographic location of the customer. DalPay may maintain Transaction Information for a certain period of time to comply with card association rules, or for disaster recovery purposes, but will always retain such information according to industry security standards, and the requirements of the card associations.

BUSINESS TRANSFERS

As we continue to develop our business, we might buy or sell business units. In these transactions, Personal Information might be transferred with the business unit, but it will remain subject to the promises made in any pre-existing Privacy Policy, unless an individual consents otherwise.

PROTECTION OF DALPAY INTERNET BILLING AND OTHERS

We may use or disclose Personal Information without your consent in certain circumstances:

If we are required by law, or by an order or requirement of a court, or by court rules concerning the production of records;

If we have reasonable grounds to believe that use or disclosure is necessary to protect the privacy, property, or safety of our users or others;

If we have reasonable grounds to believe that the information relates to a breach of agreement or violation of the law that has been, is being, or is about to be committed;

If it is necessary for fraud protection, risk reduction, or the establishment of amounts or collection of monies owed to us;

If it is necessary to enforce or apply our Terms of Service and other agreements, to pursue remedies, or to limit damages to DalPay;

When we are required or permitted to disclose information without consent, we will not disclose more information than is necessary to fulfill the disclosure purpose. We do not like or support unlawful and unreasonable "fishing expeditions" by governmental agencies, companies, (or individuals), without a court order.

CONSENT

We will obtain your consent to the collection, use, and disclosure of that information as described in this Privacy Policy. If you do not consent to our collection, use, or disclosure of your Personal Information as described in this Privacy Policy, then do not share Personal Information with us. However, we are obviously unable to offer some services, like payment gateway services or transacton processing, without Personal Information.

You may withdraw your consent at any time, subject to reasonable notice and your legal or contractual obligations. To withdraw your consent, simply tell us of the Personal Information that you no longer wish us to collect, use, or disclose through the Contact Information listed below.

There are limited situations in which applicable laws or industry security standards require us to collect, use, or disclose Personal Information without your consent or after you withdraw your consent. We describe these situations under Protection of DalPay Internet Billing and Others in the section on Use of Personal Information in this Privacy Policy.

RETENTION AND ACCESS

We will take reasonable steps to keep your Personal Information accurate, complete, current, and relevant to its intended use. We keep your Personal Information only as long as we need it for the reasons it was collected. When your Personal Information is no longer required for our purposes, we have procedures to destroy, delete, or erase it, or to convert it to an anonymous form according to industry security standards.

Any information that DalPay collects from visitors to this Website will be used, stored, or processed, in whole or in part, in the Republic of Iceland. Iceland is a sovereign nation that is a member of the European Economic Area but not the EU (in the same way as the Principality of Liechtenstein, or Switzerland if that nation might join the EEA). The principal place in which we hold Personal Information is Dalvík, Iceland.

At your request, we will provide you with reasonable access to your Personal Information, so that you can review what we have stored and, if you choose, request corrections to it. After you request access, we will provide the Personal Information that you request as soon as practically possible and generally no later than thirty days following the request. If you wish to correct your Personal Information, please send us a written explanation of the particular information that you believe should be corrected. Where information will not or cannot be disclosed, we will tell you the reasons for non-disclosure as we are permitted by law. Please make such requests in English or Icelandic.

SECURITY

DalPay combines technical and physical safeguards with employee policies and procedures to protect your information. We work to protect your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts the information that you provide online at our Website. We also offer the option to send information to us encrypted using the Pretty Good Privacy standard (PGP and OpenPGP) over email. We will always use commercially reasonable efforts to protect your information, according to industry security standards.

Further, we permit only authorized DalPay employees to access any Personal Information that you supply to us. If an employee misuses Personal Information, we will take disciplinary action, up to and including termination of employment, and remedies available at law. If any individual or organization we contract with as an agent for us, or supplier to us, misuses personal Information, we will take action, including termination of any agreement between DalPay and that individual or organization, and remedies available at law.

LINKS TO OTHER WEBSITES

When you click on a link on this Website that takes you to a website operated by another company (including those of our Merchants), you will be subject to that website's privacy policies. We cannot be responsible for other websites' privacy policies and you should check before providing Personal Information to them.

DISPUTE RESOLUTION

Please direct any questions or concerns regarding the use or disclosure of Personal Information to us by using the Contact Information given below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Privacy Policy. For complaints that cannot be resolved, we will make available to you an independent dispute resolution process.
 
CONTACT INFORMATION

In the event of questions about (i) access to your Personal Information, (ii) our collection, use, management, or disclosure of Personal Information, or (iii) this Privacy Policy, please contact the Privacy Officer either;

Via the Contact Us link at dalpay.com
(Please add robot@dalpay.com and support@dalpay.com to your email system's 'spam whitelist' to ensure that our reply will reach you.);

OR

By mail:

Privacy Officer
Snorrason Holdings ehf
Postholf 76
Dalvík 620
Iceland.

OR

By telephone:

1-877 865 7746 - Toll Free U.S. & Canada

+354 412 2600 - International direct dial

412 2600 - Local from Iceland

This Privacy Policy was last revised on Jan 1, 2009.
Version: 1.3.