Privacy Policy

Effective January 2020

TABLE OF CONTENTS

INTRODUCTION

INFORMATION COLLECTION

INFORMATION DISCLOSURE

CONSUMER RIGHTS AND COMPLIANCE

CONTACT INFORMATION

INFORMATION SECURITY CONTROLS

PRIVACY POLICY ADMINISTRATION

INTRODUCTION

Who We Are and What We do

PayIt provides an award-winning platform that enables governments to simplify interactions with their constituents. Our solutions revolve around multiple platforms, such as taxes, utilities, professional licensing, and motor vehicles, and function as mobile, in-person, and web-based applications. In order to facilitate these interactions, PayIt collects personal information from a combination of its government clients and from constituents themselves. Please read the following carefully to understand PayIt’s views and practices regarding personal information and how PayIt will treat it.

Why We Have a Privacy Policy

PayIt’s business is built upon the trust and integrity that our government clients, constituents, and stakeholders place in our company, and therefore the privacy and security of the data that PayIt stores, processes, and transmits on behalf of our government clients and constituents is of paramount concern to the entire company, including our employees and investors. As part of this commitment, PayIt has published a Privacy Policy that outlines:

• How and why we collect personal information
• What personal information is collected by PayIt
• How and when personal information is disclosed to third parties
• What personal information is disclosed to third parties
• The rights afforded to individuals around the storage, processing, disclosure, and transmission of their personal information.
• The process by which constituents can request an accounting, and the removal, of their personal information as per applicable local, state, federal, and international laws

PayIt is committed to complying with all applicable laws and regulations regarding the collection, storage, processing, transmission, dissemination, and protection of personally information.

Scope

This policy applies to all personal information stored, processed, and transmitted by PayIt using Company-owned assets, systems, and applications.

INFORMATION COLLECTION

Information Collection Purpose

PayIt is contracted by our government clients to be a third-party service provider for their interactions. As part of these interactions, PayIt must collect information from our government clients in order to facilitate the transaction, such as the amount of an outstanding property tax bill and the name under which the property is registered, and constituents in order to complete the transaction, such as a credit card number to pay the property tax bill. The collection and processing of constituents’ personal information is contractually and legally authorized by our government clients.
PayIt stores evidence of each transaction in order to register the interaction with our government clients and provide customer support to both government clients and constituents regarding the interaction.

PayIt may use your personal information to:

• Fulfill your requests for certain products and services
• Provide, maintain, protect, and improve our services
• Respond to your inquiries about our services
• Analyze site usage and improve the services provided through our applications
• Deliver to you any alerts and communications relevant to your use of the services
• Offer you other products, programs, or services that we believe may be of interest to you
• Perform market research to troubleshoot problems and improve the product
• Detect and protect against errors, fraud, or other criminal activity
• Enforce our Terms of Use and as otherwise set forth in this Privacy Policy
• In connection with a merger or sale of substantially all of our assets, or corporate reorganization
• Support legal, regulatory, and law enforcement inquiries and investigations

By accessing and using PayIt’s Services, you agree that PayIt may use and maintain your personal information as outlined in this document. You give PayIt permission to combine information you enter or upload for the Services with that of other users of the Services and/or other PayIt services.

Information Collection Types

The type of personal information collected by PayIt depends on the type of service the constituent is pursuing. The following is a comprehensive list of categories of personal information that PayIt may collect:

• Name
• Address
• Phone Number
• E-Mail Address
• Credit Card Number, Expiration Date, and Card Verification Value (CVV)
• Bank Routing and Account Numbers
• Property Parcel Number
• Personal Property Type, Valuation, Tax Information, and Characteristics
• Driver’s License Number
• Social Security Number
• Employment Information
• Insurance Policy Information
• Citizenship Status
• Race
• Professional Licensing Status and Information
• Legal Citation Information
• Constituent Endpoint Device Information, Internet Browser Type and Version, and Mobile Device Type and Version

Information Collection Methods and Sources

PayIt receives personal information through the following methods:

• Information that you directly and voluntarily submit as part of an interaction with PayIt
• Account, financial, or transactional information from third parties with which you have a relationship and direct PayIt to retrieve on your behalf
• Information from government clients where PayIt is acting as a third-party service provider
• Information collected by cookies and other tracking technologies when you use our Sites
• Information collected from third parties which are integral to our Services, including fraud monitoring providers, commercial databases, and identity and risk management providers.

When a constituent interacts with PayIt, the information provided during that transaction may be linked to information obtained from our government clients to create a singular record of information on an individual.

All data is stored, processed by, and transmitted to and from assets located within each government client’s country of origin, e.g. if the government client is located in the United States, the data is stored in the United States.

PayIt makes every effort, working in conjunction with our government clients, to ensure the accuracy and completeness of all personal information that it stores, processes, and transmits.

PAYIT HUMAN RESOURCES INFORMATION COLLECTION TYPES, METHODS, AND SOURCES

PayIt collects the following data for human resources purposes from its employees:

• Name
• Address
• Date of Birth
• Phone Number
• E-Mail Address
• Bank Routing and Account Numbers
• Social Security Number
• Citizenship Status
• Copies of Documents Required to Establish Citizenship and Employment Authorization (I9 Document)
• Information Required to Establish Tax Withholding (W4 Document)

Prospective employees who apply to work at PayIt are asked to submit the following information for hiring consideration:

• Name
• Address
• Phone Number
• E-Mail Address
• A Resume Listing Employment and Education Information

All of this information is submitted directly and voluntarily by current and prospective employees, respectively, as a condition of hiring and/or employment. All data is stored, processed, and transmitted in the United States.

INFORMATION DISCLOSURE

PayIt will only disclose data within the scope of this policy to external entities under the following circumstances:

• The individual has provided consent to PayIt for the disclosure.
• The disclosure is required for processing and/or to render Services to government clients, as outlined below.
• There is a good-faith belief that the disclosure is reasonably necessary to
  • (a) satisfy any applicable law, regulation, legal process or enforceable governmental request;
  • (b) detect, prevent, or otherwise address fraud, security or technical issues; or
  • (c) protect against harm to the rights, property or safety of PayIt, its clients, or the public, as required or permitted by law.
• The disclosure is required for PayIt human resources, payroll, and employment purposes.

PayIt may disclose the following personal information to the government client(s) through which your specific interaction(s) are facilitated:

• Name
• Address
• Phone Number
• E-Mail Address
• Property Parcel Number
• Personal Property Type, Valuation, Tax Information, and Characteristics
• Driver’s License Number
• Social Security Number
• Employment Information
• Insurance Policy Information
• Citizenship Status
• Race
• Professional Licensing Status and Information
• Legal Citation Information
• Transaction History
• Individual Transaction Details
• Account Status, Including Success and Failure of Transactions

PayIt may disclose the following personal information to any third-party service providers with whom we partner in order to deliver PayIt’s Services:

• Name
• Address
• Phone Number
• E-Mail Address
• Credit Card Number, Expiration Date, and Card Verification Value (CVV)
• Bank Routing and Account Numbers
• Transaction History
• Individual Transaction Details
• Account Status, Including Success and Failure of Transactions

The following information collected from current and prospective employees for the purposes of PayIt’s human resources may be disclosed to third-party service providers with whom we partner to deliver human resources services:

• Name
• Address
• Date of Birth
• Phone Number
• E-Mail Address
• Bank Routing and Account Numbers
• Social Security Number
• Citizenship Status
• Copies of Documents Required to Establish Citizenship and Employment Authorization (I9 Document)
• Information Required to Establish Tax Withholding (W4 Document)
• A Resume Listing Employment and Education Information

PayIt will not, without your permission, publish or share your personal information to third parties for their marketing purposes. PayIt does not sell personal information to third parties or government clients.

CONSUMER RIGHTS AND COMPLIANCE

California Consumer Privacy Act (CCPA)

Residents of the state of California have the following rights related to his or her personal information:

• The right to request, except where exempted by law –
  • Your personal information that has been collected by PayIt
  • The categories of personal information PayIt has collected about you in the past twelve (12) months.
  • The categories of personal information sold in the last twelve (12) months
  • The categories of personal information disclosed for a business purpose in the last twelve (12) months
  • The categories of personal information collected from you for the purposes of being sold or disclosed for a business purpose
  • The categories of third parties to whom personal information was sold and/or disclosed for a business purpose, except where exempted by law
• The right to request a restriction of the sale of your personal information
• The right to request the deletion of any personal information which has been collected from you by PayIt

Because PayIt routinely refreshes data collected from our government clients, the ability to remove personal information as per the rights listed above may be limited to transactional and account data that you have voluntarily provided PayIt.  You will be notified of the personal information categories that we are able to purge from our records in compliance with the CCPA.

You will not be charged for the requests listed above, up to twice per year.  Additional requests may incur a processing fee.  Requests may be verified in order to ensure their authenticity.  The “Contact Information” section outlines where requests may be sent.  PayIt will respond within thirty (30) days.

More information on the CCPA can be found at https://www.oag.ca.gov/privacy/ccpa.

The Personal Information Protection and Electronic Documents Act (PIPEDA)

Residents of Canada have the following rights related to his or her personal information:

• The right to request except where exempted by law –
  • Your personal information that has been collected by PayIt
  • The categories of personal information PayIt has collected about you
  • The categories of personal information sold to third parties
  • The categories of personal information disclosed to third parties for a business purpose
  • The categories of third parties to whom personal information was sold and/or disclosed for a business purpose, except where exempted by law
• The right to review your personal information collected by PayIt for accuracy and completeness
• When personal information is deemed inaccurate or incomplete, you have the right to request an amendment to your personal information, as allowed by law
• The right to revoke your consent as to PayIt’s collection, use, and disclosure of your personal information

You will not be charged for the requests listed above, up to twice per year.  Additional requests may incur a processing fee.  Requests may be verified in order to ensure their authenticity.  The “Contact Information” section outlines where requests may be sent.  PayIt will respond within thirty (30) days.

More information on the PIPEDA can be found at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/.

European Union General Data Protection Regulation (EU GDPR)

Individuals who reside within a country that is a part of the European Union have the following rights related to his or her personal information:

• The right to request, except where exempted by law –
  • Your personal information that has been collected by PayIt
  • The categories of personal information PayIt has collected about you
  • The retention periods for personal data
  • The categories of personal information sold to third parties
  • The categories of personal information disclosed to third parties for a business purpose
  • The categories of third parties to whom personal information was sold and/or disclosed for a business purpose, except where exempted by law
• The right to review and obtain a copy of your personal information, which is maintained as part of PayIt’s designated record set
• When personal information is deemed inaccurate or incomplete, you have the right to request an amendment to your personal information, as allowed by law
• The right to revoke your consent as to PayIt’s collection, use, marketing, and disclosure of your personal information
• The right to request a restriction of the disclosure of your personal information
• The right to request a restriction of the use of your personal information if the information is to be used for a purpose under pretenses which differ from those which were communicated when the information was initially collected or authorized by you
• The right to request the deletion of any personal information which has been collected from you by PayIt

Because PayIt routinely refreshes data collected from our government clients, the ability to remove personal information as per the rights listed above may be limited to transactional and account data that you have voluntarily provided PayIt.  You will be notified of the personal information categories that we are able to purge from our records in compliance with GDPR.

Requests may be verified in order to ensure their authenticity.  The “Contact Information” section outlines where requests may be sent.  PayIt will respond within thirty (30) days.

More information on GDPR can be found at https://gdpr-info.eu/.

Individually Identifiable Health Information Notice and Patient Rights

If you believe your privacy rights regarding your Individually Identifiable Health Information have been violated, you can contact PayIt, as outlined in the “Contact Information” section below.  Individuals can also contact the United States Department of Health and Human Services at https://www.hhs.gov/.

You have the following rights related to your Individually Identifiable Health Information:

• The right to review and obtain a copy of your protected health information, which is maintained as part of PayIt’s designated record set
• When information is deemed inaccurate or incomplete, you have the right to request an amendment to your protected health information
• The right to request a disclosure of all entities with which your protected health information was shared, except where exempted by law
• The right to request a restriction of the disclosure of your protected health information
• The right to request an alternative means for the communication of protected health information, other than one which has been chosen by PayIt.

CONTACT INFORMATION

PayIt’s headquarters is located in the United States in Kansas City, Missouri. PayIt has a designated Privacy Officer that handles all inquiries regarding this document and our privacy practices. Requests which fall under the CCPA must also submit inquiries through the Privacy Officer. All requests for further information, questions, complaints, or amendment requests can be addressed to:
PayIt
c/o Privacy Officer
1100 Main St. Suite 700
Kansas City, MO
64115
E-Mail Address – privacy@payitgov.com
Phone Number – 1-800-268-9153

All communications will be evaluated on a case-by-case basis, and will be processed in accordance with all Federal, State, International, Provincial, and Local laws and regulatory requirements. Responses to constituents will be in a readable, structured, portable, and commonly-used format.

INFORMATION SECURITY CONTROLS

Data Loss Prevention

PayIt employs a variety of physical and logical security measures and controls, including data encryption, to protect against the loss of confidentiality, availability, or integrity of personal data. Policies and procedures are in place to direct how personal data is to be protected within the organization, the processes by which data protection mechanisms are employed, and to outline disciplinary measures for violations.
Access to personal data is managed according to the principle of least privilege and is restricted to only those employees and contracted third parties with a need to know. Internal and external compliance and regulatory reviews of PayIt’s data collection, storage and processing practices, and security measures are performed on a regular basis.

Data Retention

PayIt retains personal information from an interaction and transactional standpoint for customer service and accounting purposes for a minimum of six years and a maximum of ten years. The minimum amount of time for which PayIt maintains transactional information is dictated by state laws detailing the minimum amount of time financial information must be maintained. Applicable data removal requests, as outlined in this document, will be processed after the minimum amount of time for data retention has passed.

PRIVACY POLICY ADMINISTRATION

Compliance

PayIt has a duty to protect the privacy of its government clients and constituents, and undergoes regular reviews to ensure adherence to documented internal policies and procedures, as well as compliance with all applicable laws, regulations, and requirements, as dictated by Federal, State, International, Provincial, Local, and regulatory authorities.

The official version of this policy will be maintained on PayIt’s website, https://payitgov.com/privacy/, and will be provided to anyone upon request.

Privacy Policy Maintenance

The Privacy Policy is maintained by PayIt’s Privacy Officer, which is overseen by the Chief Technology Officer. Changes to the Privacy Policy are developed and approved through PayIt’s internal governance documentation review process. The document is reviewed every twelve months.

This document may be updated as needed; however, previous versions of this policy are on-file at PayIt’s Corporate Headquarters and are available upon request. A notice of any changes will be prominently posted on the front page of PayIt’s website, https://payitgov.com/.

The date the Privacy Policy was last modified is at the bottom of this document. You are responsible for ensuring you periodically visit our Sites, Services, and Privacy Policy to check for any changes. By continuing to use PayIt’s Services, you agree to the changes in this Privacy Policy.