Privacy Policy

NatPay's Privacy Policy

National Payment Corporation (NatPay) recognizes the importance of protecting the privacy of personal information about our customers and visitors to our web sites. Personal information includes all of the personally identifying information that is provided to NatPay. NatPay is sensitive to these privacy interests and believes that protecting valuable personal/financial information is one of NatPay's most significant responsibilities.

The policies outlined below describe NatPay's policies to protect your privacy. Updates in this latest version of the privacy policy reflect changes in applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”). Additionally, we have revised this privacy policy to be more clear, concise, and accessible.

Normal Web Site Usage

You can visit the NatPay web site to read about our products, services, and company information without telling us who you are, and without revealing any of your personal information. The only information we store and collect during your normal web site usage is the name of your Internet service provider, the web site that referred you to us, the pages you accessed and the time and date of those requests. We use this information to only generate statistics and measure site activity to improve the usefulness of your visits.

This privacy policy also covers any of your personal information which is provided to us and which is used in connection with the marketing of the services, features or content we offer (the “Services”) to our clients and/or the support that we may give you in connection with the provision of our services.

Finally, this privacy policy also describes the choices available to you regarding the use of, your access to, and your rights in relation to your personal information.

Collection of Personally Identifiable Information

There are instances where NatPay will request personally identifiable information to provide you, the web site visitor, a service or correspondence. This information, such as your name, mailing address, email address, type of request and possible additional information, is collected and stored in a manner appropriate to the nature of the data by NatPay and is used to fulfill your request. NatPay uses the information you volunteered for our marketing purposes. It is never provided, rented, or sold to any other company for use.

The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions. As part of the services, you may choose to opt-in to receive occasional email and other communications from us, such as communications relating to promotions. You may opt-out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing us at [email protected] In the context of us providing you marketing, we may analyze your preferences to make sure the information we provide you is relevant.

Use, Collection and Retention of Customer Information

NatPay collects, retains and uses only the information about our customers that is required to administer NatPay's business and provide high-level services to our customers. We retain this information no longer than necessary to meet these objectives. We will retain your personal information and the personal information we process on behalf of our clients for as long as needed to provide services to our clients in accordance with NatPay data retention policies, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may request removal of your personal information at any time by contacting [email protected]

Information Disclosed for Our Protection and the Protection of Others

In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (1) satisfy any applicable law, regulation, legal process or governmental request (2) enforce this privacy policy, including investigation of potential violations hereof, (3) detect, prevent, or otherwise address fraud, security, or technical issues; (4) respond to user support requests; or (5) protect our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

Data Security

All NatPay employees are educated about the importance of privacy and confidentiality. Only those employees having a business reason for knowing such information have access to personally identifiable information. The security of your personal information and our clients’ information is important to us. We put in place appropriate technical and organizational measures to ensure your personal information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations.

When you enter sensitive information (such as login credentials), we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it.

When we share your personal information with third party service providers, we base our selection on said parties having adequate safeguards in place that meet our data protection standards. We audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (1) such standards and (2) applicable data privacy laws and regulations. If you have any questions about security on our site, you can contact us at [email protected]

Breach of Privacy

In the event NatPay becomes aware that any private client information has been viewed by individuals not having a business reason to know this information, NatPay will notify all affected clients in a reasonable amount of time of this breach of privacy, following this discovery.

Protection of Information via Established Security Procedures

NatPay maintains rigorous security standards and procedures regarding unauthorized access to customer and web site visitor information. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you at our site. We provide assurance in security awareness and policy by regularly submitting to SSAE 18 SOC I Type 2 and HIPPA examinations.

Restrictions on the Disclosure of Account Information

NatPay provides information about customer accounts or other personally identifiable data to third parties only when (1) the information is provided to help complete a customer initiated transaction, (2) the customer requires it, (3) the disclosure is required by/or allowed by law, or (4) it is necessary to process transactions and provide our services.

Rights with Regard to Your Personal Information

In the event that you have provided personal information to us in your use of the site, we will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us at [email protected] We will respond to your request within a reasonable timeframe.

When acting as a service provider of our clients, NatPay has no direct relationship with the individuals whose personal information is provided to NatPay through the Services. An individual who is or was employed by one of our clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her personal information in the platform, should direct his/her query to the HR department of the client that uses the platform and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the platform provided by the client.

If located in the European Economic Area (“EEA”), you have the following rights regarding your personal information we control:

Right of Access: You can request details of your personal information we hold. We will confirm whether we are processing your personal information and we will disclose additional information including the types of personal information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your personal information but we may charge you a fee to cover our administrative costs if you request further copies of the same information.

Right of Correction: At your request, we will correct incomplete or inaccurate parts of your personal information, although we may need to verify the accuracy of the new information you provide us.

Right to be Forgotten: At your request, we will delete your personal information if: (1) it is no longer necessary for us to retain your personal information; (2) you withdraw the consent which formed the legal basis for the processing of your personal information; (3) you object to the processing of your personal information (see below) and there are no overriding legitimate grounds for such processing; (4) the personal information was processed illegally; (5) the personal information must be deleted for us to comply with Our legal obligations.

We will decline your request for deletion if processing of your personal information is necessary: (1) for us to comply with our legal obligations; (2) for the establishment, exercise or defense of legal claims; or (3) for the performance of a task in the public interest.

Right to Restrict Processing at Your Request: We will restrict the processing of your personal information if: (1) you dispute the accuracy of your personal information; (2) your personal information was processed illegally and you request a limitation on processing rather than the deletion of your personal information; (3) We no longer need to process your personal information, but you need your personal information in connection with the establishment, exercise or defense of a legal claim; or (4) you object to the processing of your personal information (see below) pending verification as to whether an overriding legitimate ground for such processing exists. We may continue to store your personal information to the extent required to ensure that your request to restrict processing is respected in the future.

Right to Data Portability: At your request, we will provide you free of charge with your personal information in a structured, commonly used and machine readable format, if: (1) you provided us with your personal information; (2) the processing of your personal information is required for the performance of a contract; or (3) the processing is carried out by automated means.

Right to object: Where we rely on our legitimate interests (or that of a third party) to process your personal information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your personal information for direct marketing purposes.

Right Not to be Subject to Decisions Based Solely on Automated Processing: You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your personal information, unless you have given us your explicit consent or where they are necessary for the performance of a contract with us.

Right to withdraw consent: You have the right to withdraw any consent you may have previously given us at any time. In order to exercise your rights in this section we may ask you for certain identifying information to ensure the security of your personal information. To request to exercise any of the above rights, please contact us at [email protected] We will respond to your request within 30 days or provide you with reasons for the delay.

Usually, we will not charge you any fees in connection with the exercise of your rights. If your request is unfounded or excessive, for example, because of its repetitive character, we may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If we refuse your request, we will notify you of the relevant reasons.

In so far as practicable, we will notify our clients and third parties we have disclosed your personal information with of any correction, deletion, and/or restriction to the processing of your personal information. Please note that we cannot guarantee our clients or other third parties will comply with your requests and we encourage you to contact them directly.

Please note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the site.

Right to Complain to a Supervisory Authority: If you are not satisfied with our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.

Maintaining Customer Privacy in Business Relationships with Third Parties

If it is necessary to provide personally identifiable customer or web site visitor information to a third party, NatPay shall insist that the third party adhere to similar privacy principles that provide for keeping such information confidential.

External Links

This site contains links to other sites. NatPay is not responsible for the privacy practices or the content of such web sites.

Changes to this Privacy Policy

We may amend this privacy policy from time to time to reflect changes to our information practices. Our use of personal information we collect is subject to the privacy policy in effect at the time such information is used. If we make material changes in the way we collect or use information, we will notify you by posting an announcement on our site or sending you an email prior to the changes becoming effective.

Contacting NatPay If You Have Questions or Concerns

If you have any questions or concerns regarding this privacy policy, please send us a detailed message to [email protected] or at our mailing address at 3415 West Cypress Street, Tampa, Florida 33607. We will make every effort to resolve your concerns. You may also raise any concerns or complaints with your local Data Protection Authority.

Effective Date: May 25, 2018

Endorsements

ACH Leader

In business since 1991, NatPay remains a top leader in ACH & Document Distribution Solutions processing $76+ billion annually for 171,000+ ACH clients.

Insured & Audited

NatPay is insured through three major insurance carriers, and uses a third-party accounting firm to perform annual audits of its records.

Compliant

NatPay is  HIPAA compliant, and a SSAE 18 (SOC 1) Type 2 examined organization for both ACH and Document Distribution Solutions.