Protecting your privacy is important to us. We hope the following information and policies help you understand how the Merchant Risk Council collects, uses, and safeguards the information you provide to us on or through our website located at: merchantriskcouncil.org or when you otherwise interact with us through our Website, app, or registration platforms (collectively, the "Website").
The Merchant Risk Council agrees with the spirit and principles of the EU General Data Protection Regulation (GDPR) and is extending its protections to all users, regardless of region.
1. THE INFORMATION YOU PROVIDE TO US
As a Merchant Risk Council membership subscriber or an event attendee, or when signing up for MRC updates via email, we require your first and last name, email address (which also serves as a user name), job title, company name or organization, and company address. We also ask you to assign a password for yourself. Other business information is optional. If you are logging in from outside the United States, your information will be transferred to and stored in the U.S.
In addition, when you interact with the Website, our servers may keep an activity log that does not identify you personally. Generally, this information is collected though "traffic data." We collect and store certain administrative and traffic information viewed, software crash reports, type of browser used, and the type of device you are using to access this Website.
2. HOW WE USE THE INFORMATION
The Merchant Risk Council collects and stores information for these purposes:
- To list your company or organization as a Merchant Risk Council subscriber who supports our fraud prevention standards.
- To e-mail you notices of upcoming reports, newsletters, events, and updated information.
- To help us better tailor our offerings to the preferences and needs of our members.
- To provide our members with resources and, if you consent, allow vendors to contact you with useful information.
- To respond to your comments, questions, and requests, and provide customer service.
- To send you technical notices, updates, security alerts, and support and administrative messages.
- Detect, investigate, and/or prevent fraudulent, unauthorized, or illegal activity.
The Merchant Risk Council uses the data we collect to operate our organization and provide you with the services we offer, which includes using data to improve our offerings. We may also use the data to communicate with you to inform you about your account and our offerings. However, we do not use what you say in any service contacts to us to target information to you.
We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with MRC subsidiaries, vendors working on our behalf, or when required by law or to respond to legal processes. These entities have access to the personal information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of that personal information. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services.
3. USERS IN THE EUROPEAN ECONOMIC AREA ("EEA") and SWITZERLAND
If you are a resident of the EEA or Switzerland, the following information applies with respect to personal data collected through your use of the Website.
a. Purposes of Processing and Legal Basis for Processing
As explained above, the Merchant Risk Council processes personal data in various ways depending upon your use of the Website. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide the Website services; and (3) as necessary for our legitimate interests in providing the Website services where those interests do not override your fundamental rights and freedom related to data privacy.
b. Right to Lodge a Complaint
Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
c. Your Rights
You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your personal data, which include the right to access and rectify your personal data and to request erasure of your personal data. To exercise these rights, contact email@example.com.
4. How to Access and Control Your Personal Data
a. Right of Access
If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data. Subscribers can view and edit Personal Data in the MRC Member Portal at: https://mrc1.force.com/member/Landing_Page
b. Right to Rectification
If your Personal Data is inaccurate or incomplete, you are entitled to have it corrected or completed. Subscribers can view and edit Personal Data in the MRC Member Portal at: https://mrc1.force.com/member/Landing_Page. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.
c. Right to Erasure
You may ask us to remove your personal data. To request removal, please email the Merchant Risk Council at: firstname.lastname@example.org. If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.
5. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with our services or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion or anonymization is possible.
A cookie is a small string of text that a website can send to your browser. A cookie cannot retrieve any other data from your hard drive or pass on computer viruses. In general, cookies may be used to optimize websites, enable a user to keep items in a shopping cart, or to facilitate advertising.
If you are just browsing the merchantriskcouncil.org Website and are not a registered user, you do not have to accept a cookie and you may still continue using the Website. However, in order to access the portion of the site that requires a password, you must accept the Website's cookies as they are essential for site administration and security. If you do not want your browser to accept cookies, you can change this preference within your browser. You can learn more about setting or changing cookies preferences for Apple Safari, Google Chrome, Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, or Opera by visiting the Apple, Google, Microsoft, Mozilla, or Opera Software websites.
7. USE OF THE SITE BY CHILDREN
Our Site is not specifically targeted to children, we do not actively solicit information from children, and we do not knowingly collect personal information from children without proper parental consent. If you believe that we may have collected personal information from someone under the applicable age of consent without parental consent, please write to us at the physical address set forth below in the section "Inquiries" or email email@example.com and we will promptly address the issue.
8. CALIFORNIA RESIDENTS
California residents may request certain information pursuant to California Civil Code Section 1798.83 regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org with "Request for California Privacy Information" in the subject line and in the message.
10. YOUR INFORMATION IS SECURE
The Merchant Risk Council takes reasonable precautions in order to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction, using recommended industry security architecture. While we try our best to safeguard your personal information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
Phone: (206) 364-2789
Mail: 600 Stewart St. Suite 720
Seattle WA 98101
Last updated: May 24, 2018