Effective date 07/18/2006

Shift4 is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build user’s trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the site www.Shift4.com. Because this Web site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.

If you have questions or concerns regarding this statement, you should first contact Randy Carr at Shift4 Corporation, either by mail: 1491 Center Crossing Road, Las Vegas, NV 89144,; telephone: (702) 597-2480; or email: privacy@shift4.com. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should contact TRUSTe at http://www.truste.org/consumers/watchdog_complaint.php. TRUSTe will then serve as a liaison with us to resolve your concerns.

Shift4 Corporation takes the handling of merchant, vendor and partner privacy, security and data protection seriously. We have designed this Privacy Policy to explain how Shift4 Corporation handles information collected from merchants using various methodologies, including those that submit information to Shift4 Corporation through the Internet via Shift4.com or our DOLLARSON THE NET® service.

Shift4 Corporation retains the right to update, revise, and modify this policy as the needs of our merchants, vendors and partners change, and as Shift4 Corporation makes modification and enhancements to its product offerings. If additional clarification regarding this Privacy Policy is required, please email privacy@shift4.com. You can expect a response within one business day or sooner.

Scope

This Privacy Policy covers Shift4 Corporation's treatment of all information in its care collected from merchants, vendors and/or partners that utilize Shift4 Corporation’s products and/or services.

Collection, Use and Storage of Information

Shift4 Corporation collects information from merchants, development vendors, and/or partners when accounting, billing, or setup information is required in order to create configuration for service accounts. Additional information may be collected when contractual negotiations occur. Shift4 Corporation may from time-to-time receive personally identifiable information (PII) from its merchants, development vendors, and/or partners.

Shift4 Corporation, depending on the type of business conducted or service offered, may ask for standard contact information consisting of name, business name, street address, telephone number(s) and e-mail address(es). We do not share this personally identifiable information with anyone. You can expect to be contacted via e-mail when you submit your contact information for the services requested. If for any reason you would like to change this contact information, please contact us at myaccount@shift4.com. Additional information may also be required, such as merchant account information used for merchant setups, as well as information such as DDA (“bank account”) and/or credit card number for billing and account purposes.

When processing consumer transactions (credit card, debit card, electronic check, ACH, etc.), Shift4 Corporation’s systems receive from the merchant or financial institution information related to said transaction. The information required by Shift4 Corporation’s systems consists of that which is normally required for the financial institution to perform the merchant requested operation for that particular transaction, or any information that may be required by Shift4 Corporation in order to perform a merchant requested value added service. No information is collected directly from the merchants’ customers (i.e. consumers, cardholders, check writers, etc.).

Shift4 Corporation uses the collected information to process financial transactions on behalf of the merchant, to perform internal and external facing accounting functions, and perform all other processing services for which we have been contracted. Shift4 Corporation may also send merchants system alerts, fraud alerts, system status information, newsletters, notifications regarding upgrades or additional Shift4 Corporation product offerings. All email communications that merchants receive are service related except for the newsletter. Merchants may opt-out of receiving the newsletter by visiting https://www.shift4.com/ManageOptOut.htm and entering the email address for which they’d like to stop receiving the newsletter or by replying to the newsletter email and changing the subject line to UNSUBSCRIBE. Consumers’ personally identifiable information is used only where required to process a particular financial transaction, to comply with governmental regulations, or to perform the particular merchant requested operation and is not used for any other purpose.

Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on this site. We do not link the information we store in cookies to any personally identifiable information you submit while on our site.

We use session ID cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close you browser.

Testimonials

Shift4 does post testimonials from merchants on our Web site. We receive permission to post their testimonial and personally identifiable information on our site. If for any reason a merchant would like us to remove their testimonial, they may contact us at marketing@shift4.com or (702) 597-2480.

Minor Policy

Shift4 Corporation processes transactions for merchants and offers transaction processing, aggregation, outsourcing, and facilitation services to merchants and vendor developers and does not offer services or sell products to minors. Shift4 Corporation does not request or knowingly collect personally identifiable information from anyone under the age of 18.

Dissemination of Information

The protection of our merchants and their customers is of paramount importance to Shift4 Corporation and we take the handling of their information very seriously. Shift4 Corporation will only send personally identifiable information to other organizations or institutions when: consent has been obtained to share the information; the sharing of that information is required in order to perform a requested service or obligation; or Shift4 Corporation is required to supply that information to third-parties in order to perform a merchant requested service or obligation (e.g. to a merchant service provider, or security consulting firm).

Shift4 Corporation may also be required to release information in order to comply with federal, state, province or other governmental regulations and statutes, court orders, card association regulations, banking regulations, or other agreements, contracts, etc. In addition, information may be exchanged with other financial organizations in order to assess risk, mitigate fraud, and protect Shift4 Corporation’s rights, property, security, or safety.

Information Security

As a part of the merchant banking system, information security and privacy is critical to our business. Data transport security is encrypted and secured both using Shift4 Corporation’s proprietary DUKPT w/MTE protocol and 128 bit (at a minimum) Secure Sockets Layer (SSL). Shift4 Corporation collects all information and stores that information in electronic form in physically secured data center facilities that are monitored 24/7/365 and that comply with the Payment Card Industry Data Security Standard (PCI DSS). These data centers are on separate portions of the power grid and have different communications connectivity. Each data center meets all of the physical security requirements and hardware and operating system configuration requirements of the National Security Agencies (NSA) C-2 (Orange Book) recommendations.

Shift4 Corporation recommends all customers, vendors and partners follow published and recommended best practices on information security and data protection. Many of these can be found on Shift4 Corporation’s corporate and DOLLARS ON THE NET sites.

Policy Stipulation for European Users

Shift4 Corporation is located in United States in Las Vegas, Nevada. All information that is provided to Shift4 Corporation is transferred to the United States. By providing information to Shift4 Corporation, all individuals consent to the storage and use of said information as described in this Privacy Policy.

Access to Personally Identifiable Information

If your personally identifiable information changes, or if you no longer desire our service, you may update or deactivate it by emailing our Account Management Team at myaccount@shift4.com or by contacting us by telephone or postal mail at the contact information listed below.

Changes to Privacy Policy

Shift4 Corporation reserves the absolute right to modify or remove content from this Privacy Policy at any time and for any reason. If there are material changes made to this policy, or how Shift4 Corporation will use personally identifiable information, Shift4 Corporation will make the changes to this document located off the Shift4 Corporation homepage (www.shift4.com) prior to implementing the change. If additional clarification regarding this Privacy Policy is required, please email privacy@shift4.com. You can expect a response within one business day or sooner.

Shift4 Corporation
1491 Center Crossing
Las Vegas, NV 89144
Tel.: (702) 597-2480
Fax: (702) 597-2499
info@shift4.com
www.shift4.com