TokenEx, Inc. (“we,” “us,” “our”) is a business-to-business global provider of payment and privacy solutions that processes information on behalf of its customers. We help organizations to offload the risk of storing sensitive data so that they can safely accept and transmit that data in a wide number of ways. This Privacy Notice describes to individuals (“you” or “your”) our privacy practices regarding Personal Information we receive from our customers and through this website (www.tokenex.com), (the “Site”).
Types of Information We Collect and How We Use It
We collect and use information relating to an identified or identifiable individual (“Personal Information”) in a number of ways, depending on how you choose to engage with us.
1. Information You Provide Voluntarily
We collect information you decide to share with us through our website. If you use certain aspects of the Site, such as filling out a request for us to contact you, we may ask you to provide us with Personal Information about yourself such as your name, business email, job title, company name, and business phone number.
Customer or Prospective Customer Employees
We collect Personal Information you share with us because of your relationship as an employee or contractor of our customer or a prospective customer; for example: your name, business email, job title, company name, and business phone number.
If we ask you to provide any other Personal Information not described above, the Personal Information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point that you are asked to provide it.
2. Information We Collect Automatically
Do Not Track Requests
Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Site is not currently set up to respond to these signals.
Like most digital platforms, we gather certain data automatically when you use the Site, such as IP address, browser type, and device type. We use this technology to provide services to you as you request them, and to improve your overall experience.
We, or our service providers, may engage in remarketing to market our Sites across the web. This allows us to match the right people with the right message. When a user visits our Site, a cookie is stored on that user’s hard drive. That cookie is then used by a third party such as Google and other third-party vendors to display relevant ads as the user moves to other Sites across the internet.
Web beacons, sometimes known as pixel tags, are small transparent images that are used to track the online movements of web users. Unlike cookies, they are only embedded in the website itself and are not stored on a user’s hard drive. We may use web beacons to collect information about website usage and email response.
When you access the Site, technology such as web beacons, cookies, and remarketing tools allow us and our third-party service providers to collect information about how you use the Site and improve your overall experience. This data could include items about your visit to the Site such as:
- the IP addresses or domain names of the computers;
- URI addresses (Uniform Resource Identifier);
- location information;
- time of the request to access information on the Site;
- method utilized to submit the request to the server;
- size of the file received in response;
- numerical code indicating the status of the server’s answer (successful outcome, error, etc.);
- country of origin of the computer accessing the Site;
- features of the browser and the operating system;
- various time details per visit (e.g., the time spent on each page);
- the path followed within an application or Site with special reference to the sequence of pages visited; and
- other parameters about the device operating system and/or IT environment
3. Information from Third Parties
Information We Collect
We may collect Personal Information from a third party that is not our customer for direct marketing purposes. This Personal Information is business contact information such as your name, business email, job title, company name, and business phone number.
Information Our Customers Provide
We offer many services to our customers which involve the processing of Personal Information. When you buy something or store information with a business that uses TokenEx, that business passes Personal Information to us as part of the transaction. Typically, this includes Personal Information such as payment card data, billing details, and other Personal Information required to process a transaction between you and our customer. Any business that uses TokenEx is responsible for obtaining your consent or otherwise maintaining the legal basis to provide your Personal Information to TokenEx for processing.
4. How We Use Your Personal Information
We may use Personal Information in the following ways and where we are satisfied that we have an appropriate legal basis to do so.
We use Personal Information we receive from our customers to fulfill requests to process payment transactions, to facilitate billing, and to otherwise deliver our services.
When you visit the Site, contact us for information, or are an employee or contractor of our customer, we may use Personal Information that we receive about you to send you service announcements, newsletters, and periodic notices about specials and new products. If you have agreed to receive marketing information, you may always opt out by either using the unsubscribe link in a marketing communication or by contacting us directly using the information at the end of this Privacy Notice.
We may retain the metadata and content of any correspondence you have with us, regardless of the subject matter or the mode of communication by which such correspondence is made. This information helps us to improve our products and services, as well as the Site and the content, materials, opportunities, and services that we feature or describe on the Site, and to more effectively and efficiently respond to both current and future inquiries.
Children’s Personal Information
Our Site is not directed at persons under the age of 13. We do not knowingly collect Personal Information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Site. If we do learn that we have inadvertently collected Personal Information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any Personal Information from a child under 13 years of age, please contact us at firstname.lastname@example.org.
Legal Basis for Use of Your Personal Information
Use of Personal Information is based on one or more of the following:
- an individual has given consent for one or more specific purposes, either directly to us, or to our customer which has contracted with us to perform that specific purpose;
- as necessary to comply with our legal obligations;
- as necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- With respect to subsection (ii) above, this Privacy Notice is not a contract between us and you.
Sharing Your Personal Information
Protecting Personal Information is an important part of our business. We do not sell or rent Personal Information to third parties, and do not share Personal Information except as described below. If you would like further information, please see the Contact Information section at the bottom of this Privacy Notice.
1. Personal Information about employees or contractors of our customers
We may disclose Personal Information about employees or contractors of our customers to third parties (whether other companies or individuals) when we have consent to share the information with such third parties or we need to share the information with such third parties to provide services.
2. Personal Information our customers provide for services
We share Personal Information about specific individuals with third parties (such as banks and credit card processors) to the extent necessary to deliver the services our customers request. We also use a limited number of service providers in the course of providing services. These service providers are contractually required to limit any use of Personal Information solely to the extent necessary to provide our services or in furtherance of another legitimate basis, and to take appropriate measures to protect this information.
3. Personal Information required by law
We also may disclose Personal Information to third parties when we believe disclosure is required or appropriate: (1) to comply with applicable laws, regulations, subpoenas, court orders, and the like; (2) to enforce or give effect to written agreements that we are party to; or (3) to protect the rights, property, or safety of us, our employees, other Site users, or other third parties.
4. Our sale or transfer of assets
In the event that TokenEx is sold or transfers some of its assets to another party, your Personal Information could be one of the transferred assets. If your Personal Information is transferred, use of your Personal Information will remain subject to this Privacy Notice. Your Personal Information will be passed on to a successor in interest in the event of a liquidation or administration of TokenEx.
Storage and Security
Information security is critical to our business. For information on how we ensure that we maintain appropriate technical and organizational measures to ensure a security posture that meets the risks involved in use of Personal Information, please see our Security and Trust page.
1. How We Protect Your Personal Information
We use proprietary software, firewalls, and industry-standard security technology, as well as industry-standard security practices, to protect Personal Information that we receive and to prevent that information from access by unauthorized persons. Our systems are certified as Level 1 PCI Compliant, and all data retention and credit card information is maintained according to PCI standards as determined by the PCI Security Standards Council (https://www.pcisecuritystandards.org).
2. Your Responsibilities
You are responsible for the appropriate use and safeguarding of any login ID that we issue to you regarding the use of the Site and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to your Personal Information, and to your computer.
3. Retention and Deletion of Personal Information
We delete Personal Information we retain once we determine that the purpose for which it was collected, or a compatible purpose, is complete, unless a longer period is required (i) by law or to comply with legal obligations; (ii) to resolve disputes; or (iii) to protect our legal rights.
Your Choices and Rights
If your Personal Information is provided to us by our customer for the provision of services, we will forward to our customer any request received from you in which you exercise your rights regarding Personal Information provided you identify yourself sufficiently for us to determine which customer to notify. We do not have the right to independently access Personal Information received from our customers other than as necessary to provide services. Additionally, depending on your location, some rights listed below may apply to you and some may not but, for clarity, the right included below are intended to give you notice that you may have legal rights available to you regarding Personal Information collected or used by us on behalf of our customers or independently.
If you would like to exercise any of these rights, please:
- Contact us using the Contact Information at the bottom of this Privacy Notice,
- Provide enough information to identify you (e.g., your full name, address, and customer number if you have one), and
- State what right you want to exercise and the information to which your request relates.
- Depending on the nature of your request, we may require proof of your identity.
1. Dispute Resolution
All disputes should first be brought to our attention using the Contact Information listed below. If you are not satisfied after a good faith effort to resolve the dispute, you may have an additional right to bring a claim before a data protection authority, court, regulator, or similar authority.
If your Personal Information is subject to protection of European Union or United Kingdom (“UK”) law, you also have the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) member state, or UK country as applicable, where you work, normally live, or where any alleged infringement of data protection laws occurred.
2. Opt-Out Procedures
If you would like to withdraw your consent for us to use your Personal Information, you may do so by contacting us via the details set out at the end of this Privacy Notice. You may also unsubscribe from marketing communications using the link in the communications. However, if you withdraw your consent, this may impact the ability for us to provide our services.
3. Access, Corrections, Deletions
You may have the right to be provided with a copy of your Personal Information, to require us to correct any mistakes in your Personal Information and in certain situations, the right to require us to delete your Personal Information.
4. Data Use and Sharing
Right to Object
You may have the right to object: (1) at any time to your Personal Information being processed for direct marketing (including profiling); and (2) in certain limited situations to our continued processing of your Personal Information, even for our legitimate interests.
Right to Restriction of Processing
In certain circumstances, you may have the right to require us to restrict processing of your Personal Information. For example, if you contest the accuracy of the data we process.
Right Not to be Subjected to Automated Individual Decision-Making
You may have the right to not be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
Right to Data Portability
In certain situations, you may have the right to receive the Personal Information you provided to us and/or request that we transmit that data to a third party. Your data will be provided in a structured, commonly used and machine-readable format.
EU-US and Swiss-US Privacy Shield Provisions
We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information from the European Economic Area (“EEA”) or Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles (“Principles”). If there is any conflict between the terms in this Privacy Notice and the Principles, the Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program or to view our certification, please visit https://www.privacyshield.gov/. The Federal Trade Commission has jurisdiction over our compliance with Privacy Shield.
2. Onward Transfers
We are responsible for processing the Personal Information we receive under Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. We are potentially liable if our agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
3. Inquiries and Complaints
In compliance with Privacy Shield Principles, TokenEx commits to resolve complaints about our collection or use of your Personal Information. EU or Swiss individuals with inquiries or complaints regarding this Privacy Notice should first contact TokenEx by the means listed in the Contact Information section of this Privacy Notice.
As part of our participation in Privacy Shield, we will first investigate and attempt to resolve through our internal processes any dispute you have with us about our adherence to the principles. If your complaint or dispute cannot be resolved internally, TokenEx further commits to refer unresolved complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the American Arbitration Association at http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
If your complaint is not resolved through the above channels, you may be able to invoke binding arbitration for complaints regarding Privacy Shield compliance in certain limited circumstances. For more information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Changes to This Notice
TokenEx reserves the right to modify or amend this Privacy Notice at any time and for any reason. Please note the date at the top of this document to determine the latest revision date of this Privacy Notice. Any changes to this Privacy Notice will become effective immediately when posted on the Site.
Questions, Corrections, and Complaints
We hope that our Data Protection Officer can resolve any question or concern you have about your Personal Information.
Our Data Protection Officer can be reached at:
Attn: Legal Department
P.O. Box 521068
Tulsa, Oklahoma 74152-1068
The General Data Protection Regulation also gives persons located in the European Union the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Our EU Representative is:
The Document Warehouse
Document Park, Castle Road, Sittingbourne, Kent, ME10 3JP
+44 (0)208 092 4555