Legal
This Privacy Policy governs the manner in which Nexio Pay, LLC, its subsidiaries and XXXXXX, (“Nexio”, “we”, and/or “us”) collects, uses, maintains, and discloses information collected from You or Your(each, a “You”) of the https://nex.io website (“Site”).
Personal Identification Information
This policy applies to the Personal Information you provide to us or that we collect through our websites or our partners websites, and through other online services, websites, applications, and related services that like to this Privacy Policy (collectively with the Site, the “Services”). We may collect personal identification information from You in a variety of ways, including, but not limited to, when You visit our site, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. You may be asked for, as appropriate, name, email address, phone number. You may, however, visit our Site anonymously. We will collect personal identification information from You only if you voluntarily submit such information to us. You can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Service related activities.
In this Privacy Policy, “Personal Information” means any information relating to an identified or identifiable individual.
Note. The Services are often accessed or connected through other third-party service providers and their related applications and services (“Service Provider Application(s)”), and this Privacy Policy only covers the information Nexio collects and shares to third party service providers. This policy does not include or encompass the use of your Personal Information from any Third Party or their services.
Non-personal Identification Information
We may collect non-personal identification information about You, whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about You, means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web Browser Cookies
Our Site may use “cookies” to enhance Your experience. Your web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. You may choose to set their web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.
See, our Cookie Policy, for more information.
Personal information we may collect and how we obtain it
Information You Provide to Us. We collect and use Personal Information and Transactional Data that you provide directly to us, or our third parties, to utilize the Services. This could include your name, phone number, email address, physical address, credit card number and other Personal Information when you utilize our Services. When you communicate to Us directly, we collect the information of that communication, including email address, subject matter, call time, call duration, and contents of the telephone call.
Information from Other Sources. To utilize our other Services, we may collect, directly from You or from other Third-Party Sources, We may collect Personal Information listed above as well as Personal Data in connection with any Banking or Credit Card Transaction, including time, transaction amount and current, and details related to you or another party.
Information we may automatically collect. We may collect information automatically from:
Social media: We may collect Personal Data via social media tools, widgets, or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link, or post directly to your social media account. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. Your interactions with these tools are governed by the privacy policies of the corresponding social media platforms.
Cookies: We may collect Personal Data via cookies and similar technologies (see section 3 of this Policy for more information).
How We Use Collected Information
We utilize and retain Your Personal Information to fulfil our legal and regulatory obligations and for our business Purposes to fulfil our obligations under the Services you have selected. We will maintain Personal Information to the maximum extent required by Law and We may retain Personal Information for an extent longer than required by law if it is in our legitimate business interest and within the current legal and regulatory allowance.
Nexio Payment Platform may collect and use Your personal information for the following purposes:
We will use your Personal Information in a manner consistent with this Privacy Policy. Specifically, we will use the Personal Information we collect from you:
-
- To provide, maintain, improve, and enhance our Services;
- To verify your identity, which is required to give you access to our Services;
- To verify your accounts and establish the requested Service with the service provider(s) of your choice, including financial institutions, brokerage houses, technology providers, payment providers and credit card companies;
- To provide you with certain information that we derive from your Personal Information, such as your income based on your pay checks;
- If you subscribe to a Service requiring payment, to process the initial payment and all subsequent payments;
- To help us improve and personalize the content and functionality of our Services;
- To help us understand your usage of the Services to improve the Services;
- To communicate with you regarding customer service matters, questions and other various comments you may send to us;
- To inform you about products, services, offers, and events we offer or sponsor, and to provide news and other information we believe may interest you;
- To communicate various technical and administrative messages regarding the Services, including notices of technology updates;
- To generate de-identified and/or aggregated data that we may use for any lawful purpose;
- To offer you the option to participate in contests or surveys regarding the Services;
- Auditing related to a current interaction with the consumer and concurrent transactions;
- Debugging to identify and repair errors that impair existing intended functionality;
- Undertaking internal research for technological development and demonstration;
- To maintain legal and regulatory compliance;
- To enforce compliance with our Terms and Conditions and Policies; and
- For any other purpose disclosed to you at the time we collect or receive the Personal Information, or otherwise with your consent.
We may use the email address to send You information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
How We Protect Your Information
We adopt appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing Your Personal Information
We do not sell, trade, or rent Your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third-party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
We provide services to or utilize third-party services that may have access to your Personal Information for a variety of business purposes. We only provide your Personal Information to a third party after such third party has a signed a confidentiality contract with us, and we provide your Personal Information to such third parties only for our business purposes. The Personal Information you provide to us will be shared in the following circumstances:
-
- With your consent and at your discretion;
- With Service Provider Applications or our approved partners with whom you have enrolled for services;
- With third-party service providers that we employ to provide marketing, security, development, or other business processes, or to provide services on our behalf;
- When we reasonably believe such disclosure is required to comply with the law, an investigation, or other legal process, such as a court order or a subpoena; or
- To service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.
We may use, share, or publicly disclose or otherwise process your information that has been de-identified, anonymized and/or, aggregated (so that it does not identify you personally) for any purpose permitted under applicable law, including for research and the development of new products.
Electronic Newsletters
If a You decide to opt-in to our mailing list, they will receive emails that may include company news, updates, related product, or service information, etc. If at any time the You would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email. We may use third-party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Third-party Websites
You may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Changes to this Privacy Policy
Nexio Pay, LLC has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our Site. We encourage You to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
California Residents
If You are a resident of California, additional rules and information required by California Law may be found in our California Privacy Policy, below for more information.
European Residents and Great Britain Residents
If You are located within Europe or Great Britain, you have additional rights in relation to the utilization of Your Data. Please see the GDPR policy below, for more information.
CHILDREN’S PRIVACY
You must be 18 years or older to utilize our Pay in and Pay Out Services. We do not knowingly direct or target anyone under 18 years old (“Minors”) for the use of any Pay In or Pay Out services. Nor do we knowingly collect, use, or disclose Personal Information about Minors who use our Pay In and Pay Out services. When utilizing those Services, you represent and warrant you are at least the age of majority under the laws of the jurisdiction of Your place of residence. If you believe a Minor has provided us with Personal Information, please alert us at privacy@nex.io. If we learn that we have collected Personal Information from a Minor, we will promptly take steps to delete such information.
Your Acceptance of These Terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Contacting Us
If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us. This document was last updated on March 22, 2021.
Nexio California CCPA Consumer Rights Policy
This CCPA Consumer Rights Policy describes how Nexio will manage requests from Consumers regarding their rights under the CCPA (collectively, “Requests”). These rights include a Consumer’s right to request access to their Personal Information compiled within the last twelve months; request that their Personal Information be deleted; and request that their Personal Information not be sold.
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked—directly or indirectly—with a particular Consumer or household.
“Consumer” means the natural person, who is a resident of California, to whom the Personal Information relates.
REQUEST MANAGEMENT
Receipt. Consumer Requests will typically be received by Nexio through https://www.requesteasy.com/61df-8943 or privacy@nex.io. Requests received from Consumers through other means, where reasonably identified by Nexio, should be forwarded promptly by e-mail to Privacy@nex.io.
Logging. Nexio will log the receipt and disposition of each Request, regardless of how received, and will retain such logs for at least 24 months. Such logs will include the date of Request, the nature of Request, the manner in which the Request was made, the date of Nexio’s response, the nature of the response, and the basis for the denial of the Request if the Request is denied in whole or in part. These logs shall be kept on the SixFifty Request platform. After 24 months, the Data Privacy Officer shall be responsible for directing SixFifty to delete logs as needed.
Verification.
Requests to Know and Requests to Delete. Where Consumer does not provide sufficient information in the initial Request for Nexio to reasonably verify: (i) the identity of the Consumer, (ii) that the Consumer is a California resident, and (iii) the nature of the information within the scope of the Request, Nexio may seek additional information or clarification from Consumer through reasonable means, for example, by requesting that Consumer log into an account to confirm the request or present a valid government ID. A requestor’s identity is verified when the requestor (1) clicks the link verifying their identity and residency that is sent to them by the SixFifty system and (2) correctly answers the identity verification questions. Identity may be verified via logging in to the customer account portal.
Requests to Delete Information. For Requests to Delete information where Nexio is not able to reasonably verify the identity of the Consumer, California residency, and the information within the scope of the Request, Nexio will maintain a log of the Request and send the requestor a response indicating that their request cannot be fulfilled because they have failed to verify their identity, but we will take no further action with respect to that Request.
Requests to Know Specific Information. For Requests to Know Specific Information, if the requestor’s responses to verification questions are insufficient, Nexio will review the request as if it is a Request to Know Categories of information. If the information is still insufficient to verify the requestor’s identity, it can be denied. If it is sufficient, Nexio will treat it as a Request to Know Categories of Information and follow the steps below.
Requests to Know Categories of Information. If a Request to Know Categories of Information is not verified, Nexio will direct the requestor to our general business practices regarding the collection, maintenance, and sale of personal information as set forth in our Privacy Policy.
Requests to Opt-Out of Sale. Requests to Opt-Out of Sale do not need to go through identity verification. If an employee fulfilling a Request to Opt-Out of Sale has a good-faith, reasonable belief that a request to opt-out is fraudulent, the employee should document it in the notes section on the request ticket (in the SixFifty Portal) before denying the request. Any such denials should be approved by the Data Privacy Officer. The approval for denial shall also be documented in the SixFifty platform. The requestor must be informed of the denial and given an explanation as to why the request is believed to be fraudulent.
Assessing Requests and Drafting Responses. After verification of a Request, Nexio will assess the merit of the Request and draft appropriate responses.
If Nexio concludes that the Request does not need to be granted for reasons permitted by the CCPA, then Nexio will reject the Request, as appropriate, including the reasons for doing so in the response to the Consumer.
If Nexio concludes that the Request be granted, in whole or in part, Nexio will draft a response to the Consumer and internally direct such action as may be appropriate to that particular Request (e.g., compile the Personal Information, flag Personal Information as not for sale, delete the Personal Information, etc.).
Limits on Data Searched. If Nexio concludes it need not search certain records based on CCPA Regulation § 999.313(c)(3), our response shall inform the consumer as to the categories of records that were not searched due to meeting the requirements of § 999.313(c)(3).
Requests to Know Specific Information
In our responses to Requests to Know Specific Information, Nexio will describe the following types of information with sufficient particularity but without actually disclosing:
a. Social Security numbers;
b. Driver’s license or other government-issued ID numbers;
c. Financial account numbers;
d. Health insurance or medical identification numbers;
e. Account passwords;
f. Security questions and answers; or
g. Unique biometric data generated by measurements or technical analysis of human characteristics.
If our assessment of a request determines that a verified request to know specific pieces of information will be denied in whole or in part due to conflict with federal or state law (including the CCPA), we will inform the requestor of the basis for denial (unless legally prohibited from doing so).
Requests to Know reports shall be compiled by going back 12 months from the date a verified request was received.
Requests to Know Categories of Information.
Nexio will provide individualized responses to consumers and will only refer the consumer to our general practices as outlined in our Privacy Policy if our response would be the same for all consumers and the policy discloses all information otherwise required in a response.
A response shall include:
a. Categories of personal information the business collected about the consumer in the preceding 12 months;
b. Categories of sources from which the personal information was collected;
c. The business or commercial purpose for which we collected or sold the personal information;
d. Categories of third parties to whom we sold a particular category of personal information;
e. Categories of personal information we disclosed for a business purpose in the proceeding 12 months; and
f. For each category of information disclosed for a business purpose, the categories of third parties to whom it was disclosed.
Nexio will identify categories of personal information, sources of personal information, and third parties to whom we sold or disclosed personal information in a manner that gives consumers a meaningful understanding of the categories.
Requests to Know reports shall be compiled by going back 12 months from the date a verified request was received.
Requests to Delete
If a request to delete is verified, Nexio will take the following steps:
a. Permanently and completely erase the personal information on our existing systems with the exception of short-term archived or back-up systems;
b. Deidentify the personal information; or
c. Aggregate the personal information.
Information on archive and back-up systems should be deleted when the data on the system is restored to an active system or is next accessed or used for a sale, disclosure, or commercial purpose.
Nexio will draft a response informing the requestor whether or not we have complied with the deletion request, and shall inform the consumer that we will maintain a record of the request as required by § 999.317(b).
If Nexio determines it will deny a request, we shall:
a. Inform the consumers we will not complete the request and describe the basis of the denial (including conflict with federal or state law or an exception in the CCPA);
b. Delete the consumer’s personal information that is not subject to the exception(s); and
c. Not use any retained information for a purpose other than what was identified in the exception(s) provided to the requestor.
Nexio shall determine whether service providers may have Personal Information within the scope of the Consumer’s Request; if so, Nexio will also send notice of such Request to those entities.
Response.
Nexio will use reasonable security measures when transmitting any personal information to requestors. Our responses will be sent by reasonable means, such as to the Consumer account email on file, with any Personal Information responsive to the Request contained in a password-protected ZIP file with password to be transmitted separately.
Requests to Know and Requests to Delete.
After assessment of a Request, our responses to the Consumer, service providers, or third parties (if any) will normally be sent within forty-five (45) days from the date receipt of the Request, which may be
extended by up to forty-five (45) additional days by Nexio where necessary, taking into account the complexity and number of the requests, for a maximum total of ninety (90) days from the day the request is received. Nexio shall inform the Consumer of any such extension within 45 days of receipt of the Request, together with the reasons for the delay.
If Requests from a Consumer are manifestly unfounded or excessive, in particular because of their repetitive character, Nexio may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the Request and notify the Consumer of the reason for refusing the Request. Nexio shall demonstrate that any verified Consumer Request is manifestly unfounded or excessive before taking such action.
QUESTIONS
If you have any questions regarding this CCPA Consumer Rights Policy, please contact Privacy Team at Privacy@nex.io.