Paymerang Website Privacy Policy

Updated: September 30, 2020

Important Information

Paymerang LLC takes privacy very seriously and are committed to protecting your data. The policies set forth in this Privacy Notice are for the use of the Payment Automation and Invoice Automation services offered through our online application and email/phone-based customer support (collectively, the “Service”) which is owned and maintained by Paymerang, LLC (“Paymerang,” “we” or “us”).

This Notice is provided to help you better understand how we collect, use, disclose, and protect all your data including but not limited to your Nonpublic Personal Information (“NPI”), Personally Identifiable Information (“PII”), and Protected Health Information (“PHI”).

By using the Service, you are accepting the practices described in this Privacy Notice. If you access or continue to use the Services, you are therefore agreeing with the data practices provided in this Privacy Notice.

What Information Do We Collect?

Paymerang collects different kinds of information.  Some information is personally identifiable, which means information that identifies, or could be used by or on behalf of Paymerang to identify, an individual.  Additionally, some information is aggregated or non-identified (“Usage Data”), which helps us to understand usage trends, consider new features, or otherwise enhance the Service.  The types of information we receive or collect include:

 

Vendor information:  In using the Services, Paymerang’s Clients will provide a list of vendors they conduct business with and wish to be able to make payments to via the Service, including, but not limited to, vendor names, contact names, addresses, phone numbers, and email addresses. If the Vendor opts to receive electronic payments from Paymerang, we may receive additional personal information of the Vendor’s authorized users and the Vendor’s financial account information. We also receive certain remittance information from the Client and/or Vendor required to make the necessary payments with the Paymerang Service.

Client and Prospective Client Information:  When you register for or seek to use our Service for yourself or on behalf of your organization as a Client, we receive:

  • Personal information, including but not limited to, the names of your employees and authorized users, addresses, phone numbers, and email addresses;
  • Related information, including but not limited to, the Client’s name, tax identification number, website, and Bank account information;

Log data:  We collect certain information automatically and store it in log files, including internet protocol address, browser, operating system, and date/time stamp.  We use this information to analyze usage trends, administer and maintain the Service, support audit requests, or track activity within the Service.

 

Usage data:  We collect information about how you interact with the Service including the date and number of times you log in.

 

Device information:  We may collect information about the device you’re using the Service on, including what type of device it is, what operating system and browser along with the versions of each you’re using, and device settings.

Geo-location information:  We may determine your approximate location using IP addresses received from your browser or device.

Cookies:  Paymerang uses cookies to recognize your device and provide an optimal Service functionality.  These session-based cookies have short expiration windows and are automatically deleted when you log-out of the Service.  You can manage the use of cookies at the individual browser level; however, if you reject cookies, your ability to use some features of the Service may be limited.  Paymerang does not currently recognize or respond to browser initiated Do Not Track signals.

Paymerang uses a vetted third-party authentication service for each use of the secure Service online application functionality where third-party cookie use is required for the session.

Our use and disclosure of your data

Depending on the Service our Client may engage us to provide, Paymerang may have access to Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), Nonpublic personal information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) and payment card data (“PCD”) covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide our service obligations to our clients.

Paymerang uses your information for the following:

  • Providing the Service. We use information you provide to identify and authenticate you in order to deliver the Service and process payments via the Service.
  • Contact and communication about, and use of, the Service. We use your information to respond to problems, questions, or concerns or to otherwise contact you about the Service.
  • Improving content and functionality of the Service. We use your information to analyze usage trends to consider new features or otherwise enhance the Service.
  • Any other purpose with your consent.

HIPAA: HIPAA establishes national standards for the protection of PHI in the United States. Paymerang provide services as a business associate (“BA”) and transmits, processes, or stores data that can be classified as PHI for a client that is a Covered Entity or BA under healthcare privacy regulations (“BA Agreement”).

We may use PHI for payment or patient refund processing and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the HIPAA Privacy Rule.

In the event that PHI must be disclosed to a subcontractor, we will ensure that the subcontractor or third parties agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may use PHI to report violations of law to appropriate federal and state authorities.

GLBA: Under the GLBA’s definition, Paymerang is a “financial institution” and therefore required to comply with the GLBA. Provisions of the GLBA Safeguards Rule define and control how financial institutions handle and destroy an individual’s personal information. The GLBA Privacy Rule also requires financial institutions to give customers written privacy notices explaining how they use and share private financial information. Paymerang complies with the GLBA Safeguards Rule and the GLBA Privacy Rule.

Paymerang may disclose your information to our third-party service providers for the following business purposes:

  • To support the information technology services provided to you;
  • For customer service management;
  • To handle check printing and processing on our behalf; and
  • To process payment file, issue invoices, make payments on behalf of our clients to their respective vendors.

When we disclose your personal data for a business purpose, we enter a contract that requires that all third-party processors process your NPI, PII, PHI data with the same level of protection and in a manner consistent with the uses agreed upon in this Notice.

Paymerang does not sell (as such term is defined in the California Consumer Privacy Act) your personal information, nor have we sold personal information in the past 12 months. This policy extends to your PHI, NPI, and PII data.

Safeguards

We use appropriate safeguards to prevent the use or disclosure of PHI, NPI, PII, and PCD other than as provided for in the Service Agreement.

We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of all sensitive information/data that we create, receive, maintain, or transmit on behalf of our Client considered to be a “Covered Entity” under HIPAA regulations and all other client we provide services on its behalf.

Data quality, access and corrections

If Paymerang collects data as a processor or service provider, Paymerang will make reasonable efforts to keep personal data accurate, complete and up to date as is necessary to fulfill the purposes for which the information is to be used. Unless Paymerang is permitted or required by law to prohibit access, upon receipt of your written request and by providing enough information to permit us to verify your identity, Paymerang will disclose to you the specific pieces of personal data we collected about you, as well as its source, purpose, and category of third parties with whom we shared and for which we may made a charge, if excessive, repetitive, or manifestly unfounded.

Upon request, we will follow our internal policy and procedures necessary to correct, amend or delete any personal data that is inaccurate and notify any third-party recipients of the necessary changes. You may update any information you have given to us by contacting us at the address given below.

You have the right to request the deletion or restriction of your personal data in certain circumstances as provided by applicable law. We will not discriminate against you for the exercise of these rights. Requests to delete personal data are subject to any applicable legal and ethical reporting, any legitimate business purpose that necessities retention, or document retention obligations imposed on us.

If Paymerang collects personal data as a processor or service provider, Paymerang relies on its clients to supply Paymerang with accurate, complete and up-to-date information. Paymerang makes reasonable efforts to maintain the integrity of the data within its online Services as necessary to fulfill the stated purpose for which the information is used. If a request for personal data is submitted to Paymerang by an individual, Paymerang, in its role as a processor or service provider will direct the individual to the client for access.

Retention

Paymerang will retain information we process on behalf of Clients and Vendors for as long as your account is active or as needed to provide the Service, whichever time period is shorter.  We may further retain and use this information as necessary to comply with our legal obligations, resolve disputes, maintain accurate accounting, maintain our industry standards and certifications, financial and other operational records, and enforce of our agreements.

Privacy Notice Changes

We may make changes to this Privacy Notice at our sole discretion at any time. We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing, and sharing of your Personal Data. Your continued use of this App after we make changes to the Privacy Notice is deemed to be acceptance of those changes.

Questions

If you have questions about this privacy notice or practices, please contact us by email at privacyoffice@paymerang.com, by phone at 804-361-6019, or at our mailing address below:

7401 Beaufont Springs Drive, Suite 300

Richmond, VA 23225