“We”, “Us”, and “Our” refers to Trintech, and “You” and “Your” refers to Subscriber, Customer, or Licensee as defined in the Agreement. Each may also be referred to individually as a “Party” or jointly as the “Parties.”
Trintech is committed to the security and protection of Your data. Our Acceptable Use Policy, and applicable federal, state, and local laws and regulations require Us to limit the kinds of data We receive from You. Payment and financial information, personally identifiable information, health information, and other types of similar data are considered sensitive and afforded additional protections by law (collectively “Sensitive Data”). This Data Acceptance Policy is designed to provide reasonable guidance to You regarding Your use of the Services and the provision of Your Sensitive Data.
Generally, Sensitive Data should not be provided to Us unless the data is necessary for the use of the Services. Any Sensitive Data you provide to Us must comply with this Data Acceptance Policy. This policy is for the mutual benefit, control, and security of both You and Us.
We have two classifications for Sensitive Data. Please review these classifications and associated requirements carefully to ensure You understand Your obligations regarding Your Sensitive Data and Your use of the Services.
Class 2 Data
Class 2 Data includes bank account numbers, credit card batch level processor information, gift card batch level processor information, lottery numbers, money order numbers, disbursement data, general ledger account information (balances), and other similar kinds of data (“Class 2 Data”). You may share Class 2 Data with Us if the data is encrypted in flight and at rest. Class 2 Data will be considered Class 3 Data, as described below, when used in combination with other information that enables the identification of an individual. You are responsible for compliance with this Data Acceptance Policy and the Class 2 Data You provide to us.
Class 3 Data
Class 3 Data includes Sensitive Data other than data classified as Class 2 Data above (“Class 3 Data”). Class 3 Data may not be shared with Us unless masked so that the original data is no longer accessible. If You are unable to mask Your data, Our personnel can help You configure a script on a fee basis. The script used to mask the data will not be supported by Us once completed and provided to You. You are responsible for compliance with this Data Acceptance Policy and the Class 3 Data You provide to Us. All Class 3 Data must follow the masking requirements in Table 1 below.
TABLE 1 – Examples of Class 3 Data and standard masking requirements:
|Class 3 Data Type||Masking Requirement(s)|
|Credit Card Numbers, (online / offline) Debit Card Numbers||Mask all but the first 25% and the last 25% of the characters.E.g., masking for a 16-character number would not mask the first 4 and last 4 characters.|
|Personal Identification Numbers (PINs), Passport Numbers, Driver’s License, or State, or Federal, or Country-Issued Identification Numbers, Customer Account Numbers (e.g., 401K, etc.)||Mask all characters|
|Social Security Numbers||Mask all but the last 4 characters|
|Any data containing information that may identify a particular individual, whether singularly or in combination, such as name, home street or city address, date of birth, telephone number, etc.||Mask all characters. (Home zip code may be unmasked.) All other – dependent on data.|
We cannot control Your organization’s policies, practices, or conduct relating to the security and control of Sensitive Data, nor can We control the type of data You provide to Us while using the Services. We will not be responsible or liable to You or any third party for any Sensitive Data you may provide to Us in violation of this Data Acceptance Policy. Please refer to Our security terms in the Agreement for more information on how We protect Your data.
Version: May 2019