RocketGate PR, LLC Privacy Policy
This Privacy Policy was last updated June 7, 2024.
This Privacy Policy details our handling of personally identifiable information (“Personal Information”) submitted to or otherwise collected by us via our website(s), mobile application(s), and/or in the course of providing payment processing, payment security, customer service, and fraud management solutions and services (collectively the “Services”) to Internet merchants. We will use and disclose Personal Information in accordance with the terms of this Privacy Statement.
I. Purposes for which RocketGate PR, LLC Processes Personal Data
A. Categories of Data Subjects Whose Personal Data is Processed/Transferred
RocketGate is a data processor that processes goods or services purchase transactions on behalf of online merchants from whom consumers initiate and wish to complete an online purchase of goods or services. Such information may, as applicable, consist of:
· Consumer billing address
· Consumer first name
· Consumer last name
· Credit card CVV/CVC/CVC2
· Consumer email address
· Credit card expiration date (month and year)
· Consumer password
· Consumer username
· Consumer phone numbers (cell or other)
· Name of credit card account holder
· Credit card account number
· PIN number
· Routing number
· Cardholder authentication verification value
· Consumer IP address
B. RocketGate’s Accountability for Data Transfers to Third Parties
RocketGate does not transfer your personal data to any third party controllers.
RocketGate sometimes uses sub-processors (agents) in providing its services to merchants. Before transferring personal data to any third party, RocketGate first enters into a contract with the third party that provides that such personal data will only be processed for a limited and specified purpose, that the third party will provide the same level of protection as the DPF Principles, and that the third party will notify RocketGate if it makes a determination that it can no longer meet this obligation. Upon such notice RocketGate will take reasonable and appropriate steps to stop and remediate unauthorized processing and will provide a summary or representative copy of the relevant privacy provisions of its contract with that sub-processor (agent) to the Department of Commerce upon request.
When we transfer DPF-covered information to a third party acting as our agent, we remain liable if the agent processes such personal information inconsistent with the DPF Principles, unless we can establish that we are not responsible for the event(s) causing damage.
C. How We Use Personal Data
The categories of Personal Data that are Processed/transferred, are those necessary to complete the consumer’s purchase from the online merchant, as follows:
1. Consumer places order with merchant online store and proceeds to checkout, merchant forwards to RocketGate some or all of the payment information listed above;
2. Rocketgate (payment gateway) collects the payment information and sends it as SSL-encrypted to the processing bank for authorization;
a. If Discovery or Amex, processing bank serves as acquiring bank;
b. If Visa or Mastercard, the processing bank forwards the information;
i. Visa or Mastercard captures 3D security and forwards to acquiring bank;
3. Acquiring bank authorizes or declines the transaction;
4. Response flows to the merchant;
a. Transaction success – displays transaction ID;
b. Transaction fail – displays reason for failure.
D. Use of Cookies
We use certain tools to collect information about users browsing our website. These tools use cookies that are small text files that are stored on a user’s computer hard drive. The cookies are used, among other things, for fraud reduction or for security purposes. We also use cookies to recognize customers or a previous visitor of our website to pre-populate website forms.
To find out more about cookies, including browser-specific instructions on how to restrict or block cookies, go to http://www.allaboutcookies.org. Remember, though, without cookies, users may not be able to take full advantage of all our functionality.
E. How we use Personal Information
Usage and disclosure of Personal Information varies based on a party’s relationship with us. We primarily use this information to provide the Services and related features and to:
· Facilitate the processing of payment transactions
· Respond to requests and inquiries
· Provide support services
· Send Internet merchants administrative information when necessary
· Analyze and monitor Services usage and to make improvements
· Help secure the Services, prevent fraud and enforce our policies
· Help personalize our Services
· Comply with our financial regulatory and other legal obligations
F. How we share Personal Information
We never sell or barter Personal Information. We only share Personal Information as described in this policy with trusted service providers (sub-processors, or agents) in order to provide our Services. Specifically, we may share Personal Information:
· As necessary to perform the Services and to complete payment transactions on behalf of Internet merchants
· With service providers (sub-processors) that help us to operate our business by providing services such as fraud screening, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services
· With third parties that have contracted with us to perform certain functions on our behalf
· To comply with law or other legal obligations such as responding to subpoenas, or other requests from public and government agencies, including laws and other legal obligations outside a party’s country of residence
· To protect our rights, operations or property, or that of our users
· To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of the Service’s terms and conditions
· With consent
Please note that any information posted to public areas such as on our social media pages may be seen by other visitors.
G. Choices
Users can choose not to provide us Personal Information when they use our website(s) or mobile application(s). However, if the information request is not identified as optional and a user chooses to not provide required Personal information, then the user may not be able to use the features of the website or mobile application.
Users can configure their browser to reject cookies, or to notify when a cookie is set. However, if you reject cookies, the RocketPay wallet may not operate properly.
We must offer Users the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the User.
By derogation to the previous paragraph, it is not necessary to provide choice when we discloe to a third party that is acting as an agent to perform task(s) on our behalf and under our instructions. We have entered into contracts with all such agents.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex lifr of the individual), we must obtain your affirmative express consent (opt in) if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice. In addition, we must treat as sensitive any personal information we receive from a third party where the third party identifies and treats it as sensitive.
We act as a processor for merchants who collect your information for purposes of your purchase of goods or services. We do not disclose your information to any third parties other than sub-processors (agents) used in processing your information for the purposes for which you gave it to the merchant. We have contracts with our sub-processors ensuring proper handling of your information. We treat your information as sensitive.
H. Accessing or editing Personal Information
We may be contacted at privacy @ rocketgate.com to request deletion of, access to, or that we update, or correct the Personal Information collected by us or Internet Merchants using our Services. Please note, that consistent with local law, we may retain Personal Information for auditing purposes, to troubleshoot problems, assist with investigations, enforce our policies or comply with legal requirements. Please note that we are not responsible for permitting the review, or the updating or deleting Personal Information provided to a third-party, including any mobile application, social media platform, or wireless service provider.
I. Retention period
We will retain Personal Information for the period necessary to fulfill the purposes outlined in this policy unless a longer retention period is required or permitted by applicable law or regulation.
J. What are your rights?
Depending on your local laws, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you wish to exercise any of these rights. If you wish to complete an access request to all personal data that RocketPay has on you, please note that you will be required to prove your identity.
II. Affirmative Commitment to Comply with Data Privacy Framework
RocketGate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RocketGate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RocketGate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
III. Alternative Dispute Resolution for Complaints and Recourse
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RocketGate commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain circumstances you may invoke binding arbitration. This arbitration option is available to an individual to determine, for residual claims, whether a participating organization has violated its obligations under the Principles as to that individual, and whether any such violation remains fully or partially unremedied. This option is only available for these purposes. For further information about the scope of, and procedures involved in invoking, binding arbitration please visit the DPF article here.
IV. Investigatory and Enforcement Jurisdiction
RocketGate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
V. Means We Offer Individuals to Limit the Use and Disclosure of Personal Data
RocketGate undertakes to respect the confidentiality of personal data and to guarantee you can exercise your rights.
You have the right under this Privacy Policy, and by law if You are within the European Union, the United Kingdom, or Switzerland, to:
· Request access to Your Personal Data. The right to access, update or delete the information We have on You. Please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
· Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
· Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
· Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
· Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
· Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
You may exercise your rights of access, rectification, cancellation and opposition by contacting RocketGate. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, RocketGate will try its best to respond to you as soon as possible.
VI. How to contact us regarding your privacy concerns and questions
If you have questions or comments about our privacy practices, or if you want us to correct your Information that is stored on our systems, please submit your request in writing to:
OR
ROCKETGATE PR LLC
425 Carr. 693, PMB 260
Dorado, PR 00646
Subject to our ability to verify your request, we will correct the information within thirty (30) days of receipt of your request.