Fidelity National Information Services, Inc. (FIS) has created this Safe Harbor Customer Privacy Policy to help you learn about how we handle Personal Information that is collected by entities located in the European Economic Area (collectively, the EEA) and transferred to FIS in the United States. This Safe Harbor Customer Privacy Policy supplements the FIS Privacy Statement. Unless specifically defined in this policy, the terms in this Safe Harbor Customer Privacy Policy have the same meaning as in the FIS Privacy Statement. FIS, protects all Personal Information that we receive from the EEA, however, this Safe Harbor Customer Privacy Policy applies only to Personal Information received from the EEA that is not otherwise covered by an alternative mechanism such as the Standard Contractual Clauses.
FIS has subscribed to and adheres to the U.S.-EU Safe Harbor program and the U.S. Swiss Safe Harbor program (Safe Harbor Program) by adopting and implementing the Safe Harbor Privacy Principles, which include a set of frequently asked questions (collectively, the Principles). More information about the Safe Harbor Program can be found at http://www.export.gov/safeharbor/. This Policy applies to certain wholly owned direct and indirect subsidiaries of FIS, namely ClearCommerce Corporation, eFunds Corporation, and Fidelity Information Services, Inc.
FIS complies with the U.S.- EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. FIS certified it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view FIS certification, please visit http://www.export.gov/safeharbor/.
FIS acquires Personal Information in the following ways:
FIS provides a wide range of technology products for the banking and payment sectors such as payment processing, acquiring and authorizing card management and business process services, fraud prevention and account management services to EEA Clients. In order to provide these services, FIS receives information about the customers of these EEA Clients including but not limited to: name, office and personal telephone numbers, company and home address, card account numbers and transaction details, card website login credentials, and email address (collectively, Personal Information).
FIS uses Personal Information to perform its obligations under its EEA Client agreements, including the following activities:
We sometimes contract with other companies and individuals to perform functions or services described above if we are permitted to do so under our agreements with EEA Clients. These agents and service providers may have access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us. FIS requires that its agents and service providers that have access to Personal Information received from the EEA either subscribe to the Safe Harbor Principles or are subject to the EU Privacy Directive or another adequacy finding or enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Safe Harbor Principles.
We use reasonable physical, electronic, and administrative safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. FIS processing technologies and operations employ a wide range of security measures including: physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of encryption and/or private leased lines for transmissions of Personal Information to and from EEA Clients; restricted access of personally identifiable information only to those of its employees that need to know the information; and, periodic security audits by internal governance, compliance and audit groups and third party security experts.
We take reasonable steps to ensure that Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information.
You can ask to review and correct the Personal Information that we maintain about you by sending a written request to the address listed at the end of this Policy. However, because most Personal Information received by FIS is processed and sent back to the EEA Client, we recommend that you first contact the EEA Client to whom you submitted the data and request access to your Personal Information from the EEA Client.
If you have any questions or concerns about this Policy or the Safe Harbor practices of FIS, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Safe Harbor Principles.
Chief Compliance OfficerIf after contacting the EEA Client and FIS, an individual’s complaint or dispute has not been resolved, s/he can contact the International Centre for Dispute Resolution of the American Arbitration Association at www.adr.org. This organization will provide independent dispute resolution.