Digital Retail Apps SelfPay®

Privacy Policy

Digital Retail Apps Inc. (“Digital Retail Apps“, “DRA“, “we” and “our“) is committed to maintaining the privacy and security of the Personal Information (as defined below) of all of our customers and employees. As a part of that commitment, DRA has implemented this Privacy Policy to apply to the SelfPay® app (“SelfPay®“) and to the DRA website (the ” Website“), so that you know what information about you we collect, why we collect it, how we use that information and the choices we offer, including how to access and update information. Your privacy matters to us, so please do take the time to get to know our practices.

Your use of or access to SelfPay® and the Website indicates your acknowledgment of this Privacy Policy and consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy. This Privacy Policy was last updated on July 8, 2016.

If you have any questions about this Privacy Policy, please contact us at:

Digital Retail Apps
80 St. Clair Ave. West, Suite 1
Toronto, ON, Canada, M4V 1N3
Attention: Privacy Officer

Email: [email protected]

Telephone: +1 (855) 994-4771

Purpose

We at DRA may collect, store and disclose some or all of the following information from users of SelfPay® and our website for the purposes of providing a better in-aisle mobile payment and shopping user experience, to aggregate user data to better understand general shopping patterns and report them in an aggregate, unidentifiable form, to retailers, brands and market researchers. We may also keep track of and use your shopping history to provide you with relevant product offers and suggestions and payment method offers and suggestions, such as new payment card or payment methods, options or offers. We may also disclose and transfer your Personal Information in the course of a potential or actual merger, sale or acquisition of our business.

Personal Information

“Personal Information” as used in this policy means information about an identifiable individual, such as your name, your login credentials, your email address, shopping history, location of your device, payment method selected (such as your issuing bank card), your Account Password and Payment PIN, your tokenized card numbers, your merchant social media or retailer branded in-store shopping page interactions, and includes non-personal information that we link to Personal Information.

How We Collect Data

Personal Information may be collected through a variety of methods including:

– Interactions such as in-app field text entry or scanning and/or purchasing items within the SelfPay® app

– Data entered in while in-app through the use of a third party application programming interface (“API“) such as that used to enter in payment card data through the use of the device camera

– Data generated through use of the mobile device via device-native features such as location information

– Permissions to link the SelfPay® account with third parties such as social media services

We give you options to share your Personal Information and disable certain types of data sharing while in-app, but the lack of available information to SelfPay® may limit the features and capabilities of the app. If the data collected originates with a third party such as a social media site or the device itself such as social media login credentials, it is bound by the privacy policy of said service or device.

Data Collected, Storage and Use

A variety of data is collected that relates to the identity of the user, login credentials, payment method and card data, location of the device, shopping history, retailer social media accounts and in-store shopping page interactions through the use of SelfPay®. We do not employ cookies.

User Identity

Digital Retail Apps may collect data relating to your name, email address, device ID and location. This information is used to create an account for use with SelfPay®, to contact you for in-app product and payment method suggestions or promotions, or as a method of verifying payment method credentials against the information stored with the payment method provider. This data is stored securely in our server database. You may change your email address within the SelfPay® app. Any name changes must be made by contacting our Privacy Officer at [email protected].

Login Credentials

Login credentials involve your creation of a username in the form of providing your email address, creating a SelfPay® password (the “Account Password”), and a 4-digit PIN used at payment in the SelfPay Wallet when using your bank issued credit card or credit card branded debit card (the “Payment PIN”). These are all entered in by the user on the mobile device. The login credentials are stored securely on the DRA server, to be verified through an Internet connection. The Payment PIN is also stored securely on the mobile device. The login credentials are used to make it more convenient for the user to sign in to the SelfPay® app the next time. The Payment PIN is required to add, edit or delete a payment card or method, and to use a payment card or method at checkout. You may change your email address, Account Password and Payment PIN all within the SelfPay® app. We recommend that you also implement a secure password on your mobile device to lock it to protect it from unauthorized access and to protect the information, passwords and PINs stored on your device.

To change your Login credentials, see “Updating Personal Information” below, for more information.

Payment Method and Card Data

When the user chooses to add a payment card or method into SelfPay® Wallet, the user enters his/her Payment PIN, the card number, expiry date, CVV number and name on the card for payment cards. DRA will never see or store the user’s entire 16-digit payment card number. This information (other than the Payment PIN) will be encrypted and securely transmitted to Beanstream Internet Commerce Inc. (“Beanstream”), #302-2659 Douglas Street, Victoria BC, V8T 4M3, a trusted payment gateway company in the payment card industry, where it will be safely and securely stored on PCI Level 1 compliant servers, and will be only accessed upon request by the user when making a purchase using the SelfPay® app at a participating SelfPay® retailer, and will be used solely for the purposes of filtering and directing the purchase requests to the payment processor selected by the Merchant for your purchase. Beanstream is bound by confidentiality agreements. A copy of the Beanstream privacy policy can be found here.

Redacted card numbers consisting of a maximum of the first 6 and last 4 numbers of a user’s payment card, and expiry dates, are stored safely and securely with DRA in our server database and on the user’s mobile device protected behind the Payment PIN.

This payment card or method data is stored with DRA and the external payment provider until the user deletes the payment method, closes his/her account or the payment method expires.

Location of Device

DRA, through the SelfPay® app, collects data relevant to your mobile device location. This data is collected through the use of location services being turned on in the mobile device settings and is used for security purposes to identify the user present for the payment method, to notify the user that they are nearby a supported retail location, and to open the retailer branded in-store shopping page or the main navigation page on SelfPay® based on the user’s location. You cannot shop without turning your location on. If you don’t turn on your mobile device location services, you won’t have SelfPay® app functionality and you will not be able to shop or buy anything using SelfPay®.

The location data history of the mobile device while in SelfPay® is stored on the DRA server until the user deletes his/her account.

Shopping History

DRA, through the SelfPay® app, collects data relevant to a user’s shopping history such as products or services browsed or purchased, participating retail locations visited while in app, payment card brand and issuing bank, and uses that data for the purposes of providing a better in-aisle mobile payment and shopping user experience, to aggregate user data to better understand general shopping patterns and report them in an aggregate, unidentifiable form, to retailers, brands and market researchers. We may also keep track of and use your shopping history to provide you with relevant product offers and suggestions and payment method offers and suggestions, such as new payment card or payment process options or offers. User shopping history is stored securely on the DRA server until the user deletes his/her account.

Retailer Social Media Accounts

You may link a participating retailer’s social media account to SelfPay®, which will take you outside of the app, and you can use your mobile browser to open the participating retailers’ social media pages, such as Twitter, Facebook and Pinterest. Once outside SelfPay®, we are not responsible for, nor do we endorse or have any control over, those social media pages or their content or any information collected by those pages, and any use of those pages or sites is at your own risk. The manner in which any posts are made or data is collected on those pages, are governed by the privacy policies and terms of the respective retailer.

Links to Third Party Sites

At times, SelfPay® or the DRA website may provide links to other websites. Digital Retail Apps is not responsible for the content or privacy practices of these websites. This policy applies only to the services of and data collected by the SelfPay® app and the DRA Website.

Third Party Usage

Digital Retail Apps may share some non-sensitive app usage and browsing data in an anonymous manner with third party partners. This data may be shared with retailers and brands, but it may not be used to contact the user outside regular in-app use. While third parties may receive some data relating to general purchase habits and scan histories in aggregate, they will never receive the user’s Personal Information and will not be able to contact the user outside of regular app use. Some payment data however, may be shared with payment service providers for reasons relating to fraud prevention.

DRA may preserve or disclose your information (including, but not limited to, your Personal Information), in order to cooperate fully with local, provincial and federal officials in any investigation relating to any purported unlawful activity.

DRA may disclose and/or transfer Personal Information to a third party in the event of a proposed or actual sale, merger or other transfer of the assets or shares of DRA, an affiliate or division thereof, provided that the third party agrees to adhere to the principles expressed in this Privacy Policy and the Personal Information does not constitute all or substantially all of the assets being transferred.

Protection, Retention and Destruction of Personal Information

All data except for that relating to that which is already shared with other parties or that which is required to be stored by law or as part of payments best standards may be deleted in a confidential manner by closing the user’s SelfPay® account. DRA will take commercially reasonable efforts to ensure that Personal Information collected is protected against loss and unauthorized access. Personal Information is collected and stored in a secure manner as required by DRA.

Updating or Deleting Personal Information

If you feel that you need to update or delete your Personal Information for any reason, please send an email detailing the request to [email protected]. Once we receive your request, we will take reasonable steps as required by and in compliance with all applicable laws, to update or delete any Personal Information you have submitted. If you wish to have your Personal Information deleted, we will need to disable your SelfPay® account to do so. Some information may need to be retained by law as reasonably required for tax, record keeping and evidentiary purposes. Subject to such data retention requirements, your Personal Information will be deleted from the DRA servers once all liability relating to payments made using old credentials expires.

Changes

DRA reserves the right to change this Privacy Policy at any time without notice by posting an updated version on the Website. The Privacy Policy posted at any time shall be deemed to be the Privacy Policy then in effect, and any revised versions shall be effective at the time we post such versions to the Website. In addition, if any revised version includes a substantial and material change, we will provide you with 30 days’ prior notice by posting notice of the change on the “Policy Updates” page of the Website.

© 2013-2017 Digital Retail Apps Inc.

SelfPay® is a registered trademark of Digital Retail Apps Inc.