Protecting your privacy is the cornerstone of our company’s values.
Your trust is important to us, and we want to ensure that your personal information is protected.
This Privacy Policy describes how Mesh Payments Inc. (together with its affiliated companies – “Mesh“, “we“, or “us“) collects, stores, uses and discloses personal data when you interact with us, including when you visit or interact with any of our linked websites (“Sites”), participate in any of our events, interact with any of our online ads and content, emails, sales and marketing channels, integrations or communications under our control (collectively, the “Commercial Engagements”).
It also describes how you can control or exercise your rights related to your personal information.
Our products, including our Mesh virtual cards, SaaS platform(s) and other financial management tools (collectively, the “Services”) are not covered by this Privacy Policy. The processing by Mesh of company data such as any personal information that you submit to us for processing to provide the Services is covered by the commercial agreements, including data processing agreements, that Mesh has with the respective Business Customer of such Services.
This Policy do not apply to any personal information we collect or process in our capacity as an employer, co-employer, or employer of record. For information we collect as part of the applicant process, please see our Applicant Privacy Policy.
Moreover, this Policy does not apply to any third-party applications or services that are used in connection with our Services, or any other products, services or accounts provided by other entities under their own terms of service and privacy policy (collectively, “Third-Party Services”).
Please review this Privacy Policy carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us. By accessing the Sites, registering for an account, making a purchase from us or any other Commercial Engagement, you are agreeing to all of the terms set forth in this Privacy Policy.
If you do not agree to this Privacy Policy, do not use the Sites, interact with us, or give us any information.
Our Services and our Commercial Engagements are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Policy, including information about any visitors to our Sites, as pertaining to individuals acting as Business Representatives, rather than in their personal capacity.
You are not legally required to provide us with any personal data. If you do not wish to provide us with your personal data, or to have it processed by us or any of our service providers, please do not provide it to us and avoid any interaction with us or with any of our Services.
Specifically, this Privacy Policy describes our practices regarding:
Data Collection & Processing
Data Uses & Lawful Bases for Processing
How We Share or Otherwise Disclose Your Personal Data
How Long We Retain Your Personal Data
Analytics and Interest-Based Advertising
Data Transfer
Cookies
Data Security
Children’s Personal Information
Your Rights and Choices
When we use the term “personal data” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
We collect the following categories of personal data, when you interact with Mesh’s Commercial Engagements with respect to the following types of data subjects:
We may collect the following data about Business Representatives and Prospects:
Contact and business details: name, business email, business phone number, position, workplace and professional information, and related business insights, our communications with such individuals (correspondences, sensory information including call and video recordings, and transcriptions and analyses thereof), feedback and testimonials received, contractual and billing details, as well as any expressed, presumed or identified needs, preferences, attributes and insights relevant to our potential or existing engagement, purchasing details including interest and/or purchase history, commercial information, including records of our products or services purchased, obtained, or considered).
Connectivity, technical and aggregated usage data: IP addresses, device data (like type, OS, device id, browser version, locale and language settings used), activity logs, session recordings, inferred or presumed data generated from Commercial Engagements, other internet or electronic network activity information and other device or browser information. We also infer our Business Customers’ needs and preferences, as identified to us or recognized through our engagement with Business Representatives and Prospects.
Information We Collect from Other Sources
We may also obtain information about you from other sources:
We use your personal data as necessary for the following business and commercial purposes and in reliance on the lawful bases detailed in the chart below:
Prospects & Business Representatives Data
Purpose
Lawful basis for processing
To facilitate, operate and provide our Services.
To monitor, study and analyze use of the Services.
To gain a better understanding on how individuals use and interact with our Services, and how we could improve their and others’ experience and continue improving our offerings and the overall performance of our Services.
To provide customer service and technical support.
To support and enhance our data security measures, including for purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity.
To comply with court orders and warrants, and prevent misuse of the Services, and to take any action in any related legal dispute and proceeding.
To comply with applicable laws and regulations.
To contact you with general or personalized Service-related messages, as well as promotional messages that may be of specific interest to you.
To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications.
To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences.
To facilitate, sponsor and offer certain events, contests and promotions.
To create aggregated data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective services, conduct research, or for any other purpose.
If you reside or are using the Services in a territory governed by privacy laws under which “Consent” is the only or most appropriate lawful basis for the processing of personal data as described herein (in general, or specifically with respect to the types of personal data you expect or elect to process or have processed by us or via the Commercial Engagements, or due to nature of such processing), your continued interaction with our Commercial Engagements means that you have had the opportunity to read and that you accept this Privacy Policy and will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at privacy@meshpayments.com.
We disclose personal data in the following ways:
Service Providers: We engage selected third-party companies to perform services on our behalf or complementary to our own. Such service providers include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, billing and payment processing services, fraud detection and prevention services, web and product analytics, e-mail distribution and monitoring services, session or activity recording services, remote access services, content transcription and analysis services, performance measurement, data optimization and marketing services, social and advertising networks, content and data enrichment providers, event production and hosting services, e-mail, voicemails, support, enablement and customer relation management systems, and our legal, financial, privacy and compliance advisors (collectively, “service providers“). Our service providers may have access to personal data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use the data as determined in our agreements with them.
Service Integrations: Users who chose to do so can login to our Services using third party services, including Google, Microsoft, and Okta. If any such third-party services include the collection of biometric information, Mesh will not receive that biometric information and will not process it. Additionally, using our Services to their fullest extent requires connecting or integrating with third-party services, for example, HR systems, ERP platforms, inventory/procurement systems, CRMs, financial platforms, and more in order to share or receive data, which may include personal data, to present the data in the Services or to enrich the data you are processing using our Services. The provider of this connected or integrated third-party service may receive certain relevant data about or from your account on the Services, or share certain relevant data from your account on the third-party provider’s service with our Services, depending on the nature and purpose of such integration. This could include Business Representative and/or End-User Data. Note that we do not receive or store your passwords for any of these third-party services (but do typically require your API key in order to integrate with them).
Event Sponsors: If you attend an event or webinar organized by us, or download or access an asset on our Sites related to such an event, webinar or other activity involving third-party sponsors or presenters, we may share your personal data with them. Depending on the applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a specific sponsor’s booth. In these circumstances, your personal data will be subject to the sponsors’ privacy statements. If you do not wish for your personal data to be shared, you may choose not to opt-in via the event/webinar registration, or elect to not have your badge scanned, or you can opt-out in accordance with Section 7 below.
Sharing your Feedback or Recommendations: If you submit a public review or feedback, note that we may (at our discretion) store and present your review in our Services. If you wish to remove your public review, please contact us at dponotices@meshpayments.com.
Business Customers: Our customers have access to any personal data we process on their behalf in our capacity as a “processor” or a “service provider”.
Third-Party Services: We may engage selected business and channel partners, resellers, distributors, and providers of professional services in connection with our Commercial Engagements or our Services, which allow us to provide them, including as required by local regulations, and to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for End-Users, Business Representatives and Prospects. In such instances and in certain cases, you may be required to directly engage with such respective third-party provider and accept its specific terms and privacy policy or we may share relevant contact, identity, and other details at your instruction in order for you to benefit from such third-party services. Such engagement may also be subject to those third parties’ specific terms and privacy policies, depending on the service provided. If you directly engage with any of our third-party providers, please note that any aspect of that engagement that is not directly related to the Services and directed by Mesh is beyond the scope of Mesh’s Terms and this Policy and shall be covered by the third-party provider’s terms and privacy policy.
Legal Compliance: We may disclose or allow government and law enforcement officials access to your personal data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and services.
Identity Verification and Validation Services: We disclose information as necessary to verify your identity and perform other compliance functions.
Security, Fraud Detection and Compelled Disclosure: We disclose information to comply with the law, regulations, payment network rules, or legal process, investigate suspicious or potentially fraudulent activity, and where required in response to lawful requests by regulators, law enforcement, Financial Institution Partners and public authorities, including to meet national security, anti-money laundering or law enforcement requirements. We will also disclose information to protect the rights, property, life, health, security and safety of us, the Services, our Business, or anyone else.
Financial Institution Partners: We disclose information to Financial Institution Partners to support their customer identification, risk and compliance programs, and so they can determine eligibility for, and provide, products and services to our business customers, either directly or through us. For example, we may disclose your Contact Information, Identifying Data and other Company information and documentation so a Financial Institution Partner can validate your Company’s eligibility to receive, and deliver, card, payments, and international transfer capabilities through our Services.
Through your use of the Mesh Services, you may be required to directly engage the banking services of Metropolitan Commercial Bank, the credit card services of Visa USA Inc. and the financial services of Nium Pte Ltd and Galileo Financial Technologies. The terms and conditions of any banking, credit card, and financial services you obtain through Mesh services are governed by agreements between you and Mesh, you, Mesh, and the third-party service provider, and a direct agreement between you and the relevant third-party service provider, all as applicable.
When you request to obtain banking/credit/financial services via the Mesh Services, we may share any Business Representative Data required by the relevant related third-party service provider to establish you with such services. We may, likewise, retrieve your banking and transactional information held by these third parties providing Mesh related services to you, strictly as data processors. You will be provided notice and opportunity to review the relevant privacy policies before using any third-party services related to our Services.
Protecting Rights and Safety: We may share personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Mesh and our employees, any of our Prospects, or our Business Customers or their Representatives, or any members of the general public.
Mesh Subsidiaries and Affiliated Companies: We may share personal data internally within our group, for the purposes described in this Privacy Policy. In addition, should Mesh or any of its subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, personal data may be shared with or transferred to the parties involved in such an event. We may disclose personal data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy or receivership.
Mesh Rewards: We disclose information about you and your Company’s Mesh Account as necessary to determine your Company’s eligibility for rewards and to facilitate the rewards program effectively.
Marketing and Advertising: We disclose information to vendors, platforms, analytics providers and other parties for marketing and advertising related purposes. For more information on our online advertising practices, see the “Analytics and Advertising” section below. If you connect your bank account to your Company’s Mesh Account, we will not disclose your Bank Account Information to market our Business on advertising platforms.
Referrals and Joint Marketing: We disclose information about you and your Company’s Mesh Account to our partners in connection with facilitating referral partnerships or engaging in joint marketing activities. For example, if you or your Company were referred to us through a referral partner, we may disclose information with our referral partner to confirm the status of your application and to calculate the referral fee.
Mergers and Acquisition: We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
With Notice to You and Your Consent: For the avoidance of doubt, Mesh may share personal data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.
We retain personal data for as long as we deem it as reasonably necessary in order to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship), all in accordance with our data retention policy and applicable laws.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete or anonymize it for any reason and at any time, with or without notice to you.
If you have any questions about our data retention policy, please contact us by e-mail at privacy@meshpayments.com.
Where permitted under laws applicable to our Business, we use analytics services, such as Google Analytics, to help us understand how users access and use the Website and other aspects of our Business. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google, LinkedIn and Facebook that you may view on their platforms as well as on other websites and services.
As part of this process, we may use tracking technologies (including incorporating them into our Website and emails), as well as incorporating into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-based Advertising”).
For further information on the types of tracking technologies we use and your rights and choices regarding analytics and Interest-based Advertising, please see the “Your Rights and Choices” section below. You will continue to see advertising, including potentially from us, even if you opt out of personalized advertising.
Our Business is operated from the United States, with subsidiaries in Israel, the United Kingdom, Netherlands and Singapore.
We maintain primary data centers in the United States.
We and our authorized service providers (further detailed below) maintain, store and process personal data in the United States, Europe, the United Kingdom, Israel, as well as and other locations, in which Mesh Payments, its subsidiaries, affiliates or Service Providers operate – as reasonably necessary for the proper performance and delivery of our Services, for our internal business purposes in the locations where Mesh resides, or as may be required by law.
While privacy laws may vary between jurisdictions, Mesh is committed to protecting personal data in accordance with this Privacy Policy and customary industry standards, including using appropriate lawful transfer mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
For data transfers from the EEA, Switzerland or UK to countries that are not considered to be offering an adequate level of data protection, we have entered into Standard Contractual Clauses as approved by the European Commission, FDPIC and UK Information Commissioner’s Office (ICO) reference 2010/87/EU prior to September 27, 2021, 2021/914 thereafter, or any subsequent final version thereof that shall automatically apply. You can request to obtain a copy by contacting us as indicated in Section 12 below. For further information on these transfers and the relevant appropriate safeguards, please see the “Additional Disclosures for Data Subjects in the European Economic Area, Switzerland and the United Kingdom” section below.
We and our service providers use cookies and similar technologies to enable our systems to recognize your browser or device, to provide our Services, and to improve your experience. To learn more about our practices concerning cookies and tracking, please see our Cookie Policy. This notice also describes how you may opt out of the use of personal information stored in cookies, such as browser cookies, for targeted or cross-contextual behavioral advertising.
We have implemented industry-standard physical, administrative and technical security measures, designed to protect your personal data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. Our security procedures mean that we may request proof of identity before we disclose personal information to you.
However, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
You are solely responsible for protecting your credentials, limiting access to your devices, and signing out of websites after your sessions.
If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, or if you have any questions about our security, please contact us by e-mail at security@meshpayments.com.
View our Security page to learn more about the specific security controls we have put in place to safeguard your information.
We do not provide our Services to children. We do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children under 13. We also do not knowingly “share” or “sell,” as those terms are defined under the California Privacy Rights Act, the personal information of minors under 16 who are California residents. If you are a parent or guardian and believe we have violated this provision, please contact us at the address stated under the “How to Contact Us” section below.
Region-Specific Rights. In addition to these rights and choices, you may have additional rights based on your region. For region-specific terms, please see the bottom of this Policy.
Mesh Services are intended for use by business customers, and you may only use a Mesh Account if you are an employee or other Authorized User of a Company that has opened a Mesh Account. The information in a Company’s Mesh Account is governed by our Agreement with the business customer. You should direct questions about Personal Information we are processing on behalf of a Company to that Company’s administrators. If you are an Authorized User, you may also be able to access, update, or delete certain information within your Company’s Mesh Account through the Services, provided that the Company and its administrators are responsible for determining how that data is processed.
We engage in service and promotional communications, through e-mail, phone, SMS and notifications.
Service Communications: We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Please note that you will not be able to opt out of receiving certain service communications which are integral to your use of some of our Services (like password resets or billing notices).
Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities or any other information we think you will find valuable, as our Business Customer and Business Representative or Prospect, subject to any necessary collection of your consent as appropriate based on applicable laws. We may provide such notices through any of the contact means available to us (e.g., phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
You can opt out of receiving promotional communications from us at any time by following the instructions as provided in emails to click on the unsubscribe link or by sending an e-mail to: dponotices@meshpayments.com.
Cookies and Pixels. Most browsers and devices accept cookies by default. The Help feature on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
Please note that if you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-out will be necessary to prevent additional tracking.
Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. Note that if you are a California resident, you may exercise your right to opt-out of sales or sharing through preference signals. Please visit the “Additional Disclosures for California Residents” section below for details.
Please be aware that if you disable or remove tracking technologies some parts of our Services, Website and Business may not function correctly.
Analytics and Interest-Based Advertising. We use the web analytics tool Google Analytics. You may opt out of online behavioral advertising on the Internet by visiting the Network Advertising Initiative, or the Digital Advertising Alliance opt-out pages. You may also opt out of online behavioral (sometimes called “interest-based” or “cross-contextual”) advertising on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices App. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.
The companies we work with to provide you with targeted ads in connection with our Business are required to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices . Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services). Any such targeted advertising will only be carried out to the extent that it is permitted by applicable law.
Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. Except as required by applicable law, we are not responsible for the effectiveness of, or compliance with, any opt-out options or programs, or the accuracy of any other entities’ statements regarding their opt-out options or programs.
The Services and our business may change from time to time. As a result, it may be necessary for Mesh to make changes to this Privacy Policy. Mesh reserves the right to update or modify this Privacy Policy at any time.
Any changes will become effective when we post the revised Privacy Policy on this page. All amendments shall be deemed accepted by you. In the event consent is required based on where you reside, you will be asked to consent prior to being allowed to access our Services subsequent to a Privacy Policy update/amendment. This Privacy Policy was last updated to be effective as of the “Last Updated” date indicated at the top. Unless stated otherwise, our current Privacy Policy applies to all personal information we collect, how we use and otherwise process it and under what circumstances we will disclose it to third parties
If you have any comments or questions regarding our Privacy Policy, or if you have any concerns regarding your personal data held with us, please contact Mesh’s privacy team:
By email: privacy@meshpayments.com
By mail: 1350 Broadway, 24th Fl, New York, NY, 10018 USA.
If you have any questions about the Customer Data handled by your Company, please contact your Company’s Data Custodian.
These additional disclosures apply only to California residents and only to the extent applicable.
The California Consumer Privacy Act as amended by the California Privacy Rights Act (“CPRA”) provides additional rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CPRA:
For further details on personal information we collect, including the sources from which we receive information, review the “Information that Mesh Collects” section above. We collect and use these categories of personal information for the business purposes described in the “How We Use Information” section above. We disclose the personal information to the categories of persons set out in the “Disclosure of Information” section above. Please visit those sections for further details.
You have the right to know certain details about our data practices. In particular, you may request the following from us:
In addition, subject to exceptions, you have the right to correct or delete the personal information we have collected from you.
To exercise any of your rights, please contact us at privacy@meshpayments.com and we will send you a privacy request form. We will confirm receipt of your privacy request form and respond to your request within the time limits prescribed by law. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests.
If personal information about you has been processed by us as a service provider on behalf of a business customer, please inquire with the business customer directly to exercise your rights. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal information. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
We retain each category of personal information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
You can designate an authorized agent to submit requests on your behalf. However, we may require signed proof of the agent’s permission to do so and verify your identity directly. Requests must be submitted through the designated methods listed above.
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
Under the California Privacy Rights Act (“CPRA”), some marketing activities may be considered a “share” or “sale” even if no money is received for sharing the data. We may share categories of information such as identifiers, characteristics, internet activity, non-precise geolocation data, and inferences with third parties for business purposes, but we do not receive any monetary compensation from those third parties for doing so. The third parties we share with include vendors engaged in cross-context targeted advertising. To the extent that our marketing activities constitute a “share” or “sale” of your personal information, you can opt out. To opt out, you can modify your cookie choices as described in our Cookie Policy or activate Global Privacy Control on all applicable devices.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclose such information. To exercise a request, please write to us at privacy@meshpayments.com or the postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please refer to the “Contact Us” section above.
Virginia provides additional rights to Virginia residents through the Virginia Consumer Data Protection Act (“VCDPA”). This section addresses those rights and applies only to Virginia residents acting in an individual or household context.
You have the following rights under the VCDPA:
If personal data about you has been processed by us as a processor on behalf of a business customer and you wish to exercise any rights you have with such personal data, please inquire with the business customer directly. If you wish to make your request directly to us, please provide the name of the business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
Mesh may process personal information in accordance with the instructions of or on behalf of a business customer, including when providing Services to a Company under an agreement. In this context, Mesh acts as a processor and the business customer acts as a controller. Mesh may also act as a controller when directly determining the processing of personal information in other Business contexts set out in this Policy, like complying with regulatory obligations applicable to our Business.
Data protection laws in Europe require a “lawful basis” for processing personal information. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or business customers; (b) processing is necessary for the performance of a contract; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
We may transfer your personal information to our operations in the United States or to our service providers or other third parties in the United States or in other countries – this may involve the transfer of your personal information to countries which have different data protection standards to those which apply in the European Economic Area, Switzerland or the United Kingdom.
Some of these countries are subject to a European Commission and/or UK government adequacy decision. For other countries, Mesh has put in place the relevant European Commission or UK government-approved standard contractual clauses with the relevant third parties to ensure that your personal information is protected with appropriate safeguards. We may also rely on other permitted data transfer mechanisms.
You may have certain statutory rights relating to your personal data. Subject to applicable law, you may have the right to access and rectify your personal data, to require us to erase your personal data or to transfer it to other organizations, and to object to the processing of your personal data. Where we process your personal data because we have a legitimate interest in doing so (as explained above), you may have a right to object to this. You may also have the right to restrict processing of your personal data in certain circumstances. These rights may be limited in some situations, for example, where we can demonstrate that we have legitimate grounds to process your personal data. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different from those for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any processing of your personal data which we do based on consent you have provided to us.
To exercise any of your rights, please contact us at privacy@meshpayments.com and we will send you a privacy request form. We will confirm receipt of your privacy request form and respond to your request within the time limits prescribed by law. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests. If your personal data has been processed by us as a processor on behalf of a business customer and you wish to exercise any rights you have with such personal data, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
Please note that we retain personal data for as long as necessary to fulfill the purposes for which it was collected from you and/or our business customers, and may continue to retain and use your personal data for purposes of our legitimate interests and/or as necessary to comply (or demonstrate compliance with) with our legal/regulatory obligations, resolve disputes, prevent fraud, and enforce ur rights.
We hope that we can satisfy any queries that you may have about the way we process your personal data. However, if you have any issues with our compliance, you may contact us at privacy@meshpayments.com. You can lodge the complaint in the country where you reside, where you work or where any alleged infringement of data protection law occurred.
Subject to limited exceptions under applicable Canadian law, you may have the right to access, update, correct inaccuracies in, and withdraw consent (subject to reasonable prior notice and applicable legal and contractual restrictions) to the collection, use and disclosure of your personal information. If you withdraw your consent, we may not be able to provide our Website, Services or other aspects of our Business. To exercise any of these or other rights applicable to you under Canadian privacy laws, please contact us as set out in the “Contact Information” section below. We may require specific information from you to help us confirm your identity and process your request.
If personal information about you has been processed by us on behalf of a business customer and you wish to exercise any rights you have with respect to such personal information, we encourage you to inquire with our business customer directly. If you are a resident of the province of Quebec, please note that we transfer and store personal information outside of the province. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we process your personal information, and we may refer your request to that business customer. We will assist our business customers in responding to your request.
We are committed to protecting personal information and have implemented policies and practices that govern our treatment of personal information, including:
If you have any questions or comments about this Privacy Policy or the manner in which we or our service providers (including our service providers outside Canada) treat your personal information, to withdraw your consent, or to request access to or correction of your personal information, please contact us at privacy@meshpayments.com.
Controller of Personal Information. MeshPay US Inc., 1350 Broadway, Suite 2400, New York, NY 10018, is the data controller for the personal information covered by this Privacy Policy.
Processing. The Brazilian General Data Protection Law (“LGPD”) requires a legal basis for our use of personal information. Our basis varies depending on the specific purpose for which we use personal information. We use personal information for the following legal bases:
Your Rights. Subject to applicable law, you have the right to:
If you wish to do any of these things, please contact us at the address stated under “Contact Us” above, stating the country in which you are located.
Transfers outside of Brazil. We may transfer personal information from Brazil to other countries that may not have the same level of data protection that applies in your jurisdiction. In these cases, we use a variety of legal mechanisms to ensure that the recipient of your personal information offers an adequate level of protection, or where required, we will ask you for your prior consent.
MeshPay US, Inc. (together with its affiliated companies Mesh“, “we“, “our” or “us“) uses certain web monitoring and tracking technologies, such as cookies, web beacons, pixels tags, clear GIFs, mobile identifiers, and Java scripts (collectively, “Cookies”). These technologies are used in order to provide, maintain, and improve our website (the “Website or Web Services”), to optimize our offerings and marketing activities, and to provide our visitors and users (“you”, “your”) with a better experience (for example, in order to track your preferences, to better secure our Website, to identify technical issues, and to monitor and improve the overall performance of our Website).
This Cookie Policy contains information on Mesh’s cookie practices. If you are unable to find the information you were looking for, or you have any further questions about the use of Cookies on our Website, please email support@meshpayments.com.
Our Services and in turn our Web Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Cookie Policy as pertaining to individuals acting as business representatives, rather than in their personal capacity.
For more information about our general privacy practices, please visit our Privacy Notice.
Cookies are small files containing a string of characters that are stored through the browser on your computer or mobile device (for example, Google Chrome or Safari) when you visit a website. You can think of cookies as providing a so-called memory for the website, so that it can recognize you when you come back and respond appropriately.
Cookies may be set by us (first-party cookies) or by third party providers who work with us (third-party cookies), either for the duration of your visit (session cookies) or for longer periods (persistent cookies). The length of time a persistent cookie stays on your device varies between cookies.
Please note that our access and control over such third-party cookies, beyond the scope of our Website, is limited and subject to such other websites and providers’ own terms and policies.
You are not obligated to accept all Cookies in order to visit our website, however, enabling Cookies may allow for a more personalized browsing experience and is required for most of our Website to work.
Mesh uses Cookies to enable and constantly improve the service being delivered to you. Cookies, both first and third party, are typically categorized as one of the following:
To learn more about the specific cookies we use and how we categorize them, please click the ‘cookie settings/preferences’ button available on our website’s footer and/or inside the cookie banner. You can always modify your cookie preferences, in accordance with the laws and regulations in the location from which you are accessing our Website, by re-opening the cookie settings and modifying your selection.
We use cookies to help our website and online pages work, or work more efficiently, as well as to provide us with various information on your interactions and activities with our website and online pages.
Our use of functional and analytics cookies aims to monitor, study and analyze the use of our Website, and how we could improve individuals’ user experience and continue improving our offerings and the overall performance of our Website; to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences.
Our use of advertising cookies aims to facilitate and optimize our marketing campaigns, ad management and sales operations, and manage and deliver advertisements for our products and Website more effectively, including on other websites and applications.
We may combine non-personally identifiable information collected through cookies with other Personal Data that we have about you to improve your user experience, for example, to tell us who you are or whether you already have an account with us.
We may also supplement the information we collect from you with information received from third parties in order to enhance our Website, or to offer you information that we believe may be of interest to you.
Where we use Cookies to collect information that is personally identifiable or that can become personally identifiable if we combine it with other information, the Privacy Notice will apply in addition to this Cookie Policy.
If you are in the EEA, Switzerland, the UK or the US: You have a right to decide whether to accept or decline Cookies, except for Strictly Necessary/Essential Cookies. We will not set non-essential Cookies unless you enable them. When first visiting our website, you may encounter our cookie banner, which allows you to control your cookie preferences. You can change your cookie choices anytime by clicking the ‘cookie settings/preferences’ button available on our website’s footer and/or inside the cookie banner.
Other locations, including those noted above: Most browsers have certain cookie control features (usually located in the ‘options’ or ‘preferences’ menu of your browser), which will (depending on your browser settings) allow you to decide how to handle each new cookie in a variety of ways, provide you with the ability to delete all cookies that are already on your computer and to prevent cookies from being placed.
You can also change your mobile device settings (e.g., iPhone, iPad, Android phones) to control whether you see online interest-based ads.
Please note that any such changes may result in you having to manually adjust some preferences every time you visit the Website and some functionalities may not work.
In addition, most advertising networks offer individuals from the US (www.aboutads.info/choices), Canada (www.youradchoices.ca/choices), EU (https://youronlinechoices.eu/) or UK (https://ico.org.uk/for-the-public/online/cookies/) a way to opt-out from the collection of their data by advertising partners who participate in the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA) and the European Digital Advertising Alliance (eDAA). This does not opt you out of being served advertising entirely, as you will continue to receive generic advertisements.
Our Website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”) which is based on Cookie technology. The information generated by the Cookie is usually sent to and stored in a Google server in the USA. On behalf of Mesh, Google will use the generated information to evaluate your use of the website, to compile reports on website activities, and to provide the website operator with additional Website connected with website and Internet use. The IP address transmitted by your browser in connection with Google Analytics is not collated with other data by Google. We have also taken measures to anonymize such IP address and to limit its retention period by default. Further information about the privacy practices Google Analytics is available at www.google.com/policies/privacy/partners/. Further information about your option to opt-out of Google Analytics is available at https://tools.google.com/dlpage/gaoptout.
Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Not all browsers offer a Do Not Track option and there is currently no industry consensus as to what constitutes a Do Not Track signal. Whilst we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, you can manage your cookies preferences, including whether or not to accept them and how to remove them, through your browser settings and our Cookie Banner as instructed above. Please bear in mind that disabling cookies may complicate or even prevent you from using the Website. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/.
We may need to change this Cookie Notice from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please revisit this Cookie Notice regularly to stay informed about our use of cookies and related technologies. If you use our Web Services after any changes to the Cookie Notice have
This Applicant Privacy Policy (“Policy”) describes how Mesh Technologies Inc., MeshPay US Inc., MeshPay UK ltd, MeshPay EU B.V. and their affiliates (“Mesh”, “Company”, “we”, “us” and “our”) collect, uses, and disclose information about individuals who are applicants for engagement with Mesh as an employee, contractor, consultant, and other contingent worker of the Company (hereinafter “Applicants”, and “you”).
We may update this Policy from time to time. We may also provide you additional privacy policies regarding our collection, use or disclosure of information, as applicable. When we update this Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if, and where, required by applicable data protection laws.
You can see when this Policy was last updated by checking the “Effective Date” displayed at the top of this Policy. We encourage you to check back here periodically in order to be aware of the most recent version of this Policy.
This Policy does not apply to the Company’s handling of data gathered about Applicants arising from their role as a user of Company products and services. When interacting with the Company in that role, the Mesh Privacy Policy associated with the relevant service applies.
Please read this Policy and any other privacy policies carefully.
Mesh collects, stores, and uses various types of personal information through the application and recruitment process. Mesh collects such information either directly from Applicants or (where applicable) from another person or entity, such as an employment agency or consultancy, background check provider, or other referral sources.
The categories and specific Applicant personal information Mesh may collect and/or process are:
Mesh collects, uses, shares, and stores personal information from job applicants for the operational purposes of Mesh and its service providers in the recruitment and hiring process such as those listed below.
Purpose: RecruitmentProcessing applications; tracking applications through the recruitment process; evaluating applicants for current and, as permitted by applicable laws, future job opportunities, (including matching skills and interests to applicable job requirements); making hiring decisions.
Examples of personal information that may be processed: Information concerning your application. This includes: your personal details, education and qualification details; as well as any relevant recordings e.g. of your interview. We also process: our assessment of your application; the fact of your application and our record of it, your references; any checks Mesh may make to verify information provided or background checks (including criminal and credit history); any tests required for your position; and any information connected with your right to work. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements. This may also include potentially legally protected classification information to the extent required or as permitted by law; and indirect identification information (such as publicly available social network profiles you provide).
Grounds for processing, if applicable under law: Legal obligation, Legitimate interests.
Purpose: Contacting you or others on your behalf.
Communicating with applicants throughout the hiring process; contacting references / beneficiaries with Applicant authorization; (as permitted by applicable laws) contacting you in the future about other opportunities if you are not hired.
Examples of personal information that may be processed: Your address and phone number; emergency contact information and relevant beneficiaries / references. In case you authorize us to contact beneficiaries and references, you warrant that you have their authorization to provide their personal information, and you are responsible for informing them the terms and reasons for which we will contact them and, if applicable, the processing of their personal information in accordance with this Policy, as well as the means to access the full content thereof.
Grounds for processing, if applicable under law: Consent, Contract, Legitimate interests.
Purpose: Verifying your residency and right to work
Examples of personal information that may be processed: Information including your citizenship; passport data; and details of residency or work permit.
Grounds for processing, if applicable under law: Legal obligation.
Purpose: Supporting and managing any health concerns
Examples of personal information that may be processed: To the extent required or permitted by local law, information concerning your health, including self-certification forms, fit notes and medical and occupational health reports.Grounds for processing, if applicable under law: Contract, Legal obligation, Legitimate interests, Vital interests.
Purpose: Physical and system security
Examples of personal information that may be processed: Information used in detecting security incidents, debugging and repairing errors, and preventing unauthorized access to our computer and electronic communications systems (including biometric identification information) and preventing malicious software distribution; and monitoring.
Purpose: Internal AnalysisUnderstanding the applicants who apply and to improve the Company’s recruitment and interviewing process
Examples of personal information that may be processed: Information related to your experience as a Mesh applicant (e.g. via applicant feedback surveys) including: your name; title; unit/department applied for; and location.
Grounds for processing, if applicable under law: Legitimate interests.
Purpose: Monitoring of diversity and equal opportunities
Examples of personal information that may be processed: To the extent required or permitted by local law, information on your nationality, racial and ethnic origin, gender and gender pronouns, sexual orientation, religion, disability and age.
Grounds for processing, if applicable under law: Legitimate interests, Consent.
Purpose: Disputes and legal proceedingsThe Company may sometimes need to use applicant information for legal purposes, such as in connection with any challenges made to Mesh’s hiring decisions.
Examples of personal information that may be processed: The Company may sometimes need to use applicant information for legal purposes, such as in connection with any challenges made to Mesh’s hiring decisions.
Grounds for processing, if applicable under law: Legitimate interests, Legal obligation.
Purpose: Compliance with any other legal requirements
Examples of personal information that may be processed: Information relevant to our tax records, auditing requirements.Information about Union membership, professional association membership, and licensure-related organizational memberships.
Grounds for processing, if applicable under law: Legal obligation.The following purposes are considered secondary purposes under applicable data protection laws: (i) evaluating applicants for future job opportunities; and (ii) contacting you in the future about other opportunities if you are not hired. If you do not want your personal information to be processed for these secondary or accessory purposes, you may reach out to the People team and opt-out at hr@meshpayments.com.
We may also use personal information for any other legally permitted purpose (subject to your consent, where legally required).
As identified in the table above, under EU and UK data protection laws, there are various grounds on which we can rely when processing your personal information. Similar grounds may apply outside the EU and UK, or some grounds may be inapplicable in some jurisdictions, e.g., Mexico. In some contexts, more than one ground applies. We have summarized these grounds as Contract, Legal Obligation, Legitimate Interests, Vital Interests and Consent and outline what those terms mean below.
Term: ContractGrounds for processing: Processing necessary for performance of a contract with you or to take steps at your request to enter a contractExplanation: We need your personal information to perform a contract for services with you. This covers carrying out our contractual duties and exercising our contractual rights.
Term: Legal ObligationGrounds for processing: Processing necessary to comply with our legal obligationsExplanation: Ensuring we perform our legal and regulatory obligations in particular in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws. For example, providing a safe place of work and avoiding unlawful discrimination.
Term: Legitimate InterestsGrounds for processing: Processing necessary for legitimate interestExplanation: We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data.
Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
This includes:
Term: Vital InterestsGrounds for processing: Processing necessary to protect your vital interests or those of another personExplanation: We may use your information where it is necessary to protect your or someone else’s life, physical integrity, or safety. This could include providing law enforcement agencies or emergency services with information necessary to protect health or life in an emergency circumstance (e.g. if you have a medical emergency at one of our offices and paramedics request information about your allergies / diabetes / etc.).
Term: ConsentGrounds for processing: You have given specific consent to processing your dataExplanation: In general, processing of your data in connection with employment will not be conditional on your consent. However, there may be occasions where we do specific things such as contacting a referee, seeking to monitor diversity or obtaining medical reports and rely on your consent to our doing so.
Certain information we collect may be “sensitive Personal Information”, “special category data” or otherwise sensitive under the data protection laws applicable to your country. Any such processing is undertaken in compliance with applicable laws.
For US Residents, except where you provide such information voluntarily on your resume or in your application, or for the purpose of requesting an accommodation during the recruitment process, or if you provide government identification or driver’s license information, we do not collect personal information that is considered “sensitive” under applicable law during the recruitment process. We do not use or disclose such information other than for disclosed and permitted business purposes for which there is not a right to limit under the applicable law.
For EU and UK residents, if we process special category data (or criminal conviction data) about you, we will make sure that one or more of the following legal grounds applies: (i) you have provided your explicit consent; (ii) the processing is necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorized by law or collective agreement; (iii) the processing protects your or our legitimate interests and relates to data about you that you have made public (e.g. if you tell us that you are ill); (iv) the processing protects your or our legitimate interests and the processing is necessary for the purpose of establishing, making or defending legal claims; or (v) the processing is necessary to protect you or someone else’s vital interests (e.g. if you have a medical emergency at one of our offices office and paramedics request information about your allergies / diabetes / etc.). Further, we will ensure that any processing satisfies the additional “conditions for processing” under local laws including:
Sensitive Personal Data: Criminal HistoryConditions for processing: Performing or exercising obligations or rights which are imposed or conferred by law on you or us in connection with employment, social security or social protection. Protecting the public against / regulatory requirements relating to unlawful acts and dishonesty.
Sensitive Personal Data: Union membership informationConditions for processing: Insurance purposes, Occupational Pensions
Sensitive Personal Data: Biometric informationConditions for processing: Preventing Fraud
Sensitive Personal Data: Health information and gender informationConditions for processing: Assessment of the working capacity of an applicant
Sensitive Personal Data: Religious or philosophical beliefsConditions for processing: Identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained
Sensitive Personal Data: Racial/ethnic origin, sexual orientation, and/or disability statusConditions for processing: Identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained. As part of a process of identifying suitable individuals to hold senior positions in a particular organization, a type of organization or organizations generally.
Mesh will disclose the personal information of applicants to the following types of entities or in the following circumstances (where applicable):
Service Provider: Checkr and HireRightServices: Background check / Verification ServicesPersonal data: Name, Email, Phone, Home address, Gender, Birth month and day, Social Security Number, Social Media details
Service Provider: GreenhouseServices: Applicant Tracking SystemPersonal data: Name, Email, EEOC, Pronouns, Resume, Phone Number, Email, Address (City, State, Country)
Service Provider: LinkedInServices: Sourcing ToolPersonal data: Name, Email, Location
The personal information we collect from Applicants, including any sensitive personal information voluntarily provided by Applicants, and, subject to the terms of the applicable law, will be retained until we determine it is no longer necessary to satisfy the purposes for which it was collected and our legal obligations. In determining how long to retain information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes in other ways, the applicable legal requirements, and our legitimate interests.
For example, we will keep certain information about former applicants (e.g. your address and phone number) for as long as necessary for our legitimate interests in keeping this information as part of our organizational history and to confirm the facts of your recruitment with us and to comply with law. The purposes we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, applicant names in email headers may be kept indefinitely depending on the nature of the email.
We may also retain certain information to deal with and resolve requests and complaints (for example, if there is an ongoing dispute surrounding Mesh’s hiring decisions this information would be retained until the legal claim had been concluded); or to protect individuals’ rights and property (for example, we will retain information about a data subject access request for five years after the request is dealt with in case there is a subsequent complaint and the information is needed to demonstrate how the request was handled).
California residents have certain rights regarding their personal information. Subject to certain exceptions, if you are a California resident, you may request:
You also have the right not to be discriminated against (as provided for in California law) for exercising your rights.
Exceptions to Your Rights: There are certain exceptions to these above rights. For instance, we may retain your personal information if it is reasonably necessary for us or our service providers to provide a service that you have requested or to comply with law or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity.
Exercising Your Rights: To exercise one of the rights above, you may contact us as provided below.
We will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.
California law places certain obligations on businesses that “sell” personal information to third parties or “share” personal information with third parties for “cross-context behavioral advertising” as those terms are defined under the California Consumer Privacy Act (“CCPA”). We do not “sell” or “share” the personal information covered by this Policy and have not done so in the twelve months prior to the effective date of this Policy.
Your data protection rightsMeshPay EU B.V. is the data controller for EU and UK resident applicants. Individuals located in the EU and UK have certain rights regarding their Personal Information.
Some of these rights apply generally, while others will only apply in certain circumstances. Depending on the scenario, these rights may be subject to some limitations. MeshPay EU B.V. will be responsible for responding to your request within the relevant periods provided by law. If necessary to resolve your request, MeshPay EU B.V. will liaise with other Mesh entities.
To exercise any of your rights see specific instructions below or contact us using the contact details provided under “How to Contact Us About This Policy” heading below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or provide additional information so that we can understand your request.
Automated decision-makingIn some instances, our use of your personal data will result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically based on a computer determination (using software algorithms), without any human review. For example we may use automated decisions for:
When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us using the contact details provided under the “How to Contact Us About This Policy” heading below.
International Data TransfersIn some cases, where your personal data is transferred to another Mesh company or third parties, it is processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, we are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your personal information to recipients outside of the UK and EU. Some of these recipients are located in countries which have been formally recognized as providing an adequate level of protection for personal information by the Secretary of State in the UK and the European Commission in the EU, in which case, we rely on the relevant “adequacy decisions”.
Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the UK GDPR, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum.
Our Standard Contractual Clauses entered into by our group companies and with our third party service providers and partners.
Nothing in this Policy shall be construed as limiting or restricting applicants from properly exercising any rights or entitlements under applicable federal, state, or local laws and regulations. To the extent anything in this Policy may conflict with any applicable law, such law will control.
Nothing in this Policy shall be construed as conferring any contractual right, either express or implied, to employment with Mesh.
If you have any questions or concerns about our use of your personal data, please contact us at privacy@meshpayments.com.
If you believe that Personal Information has been breached, please contact the Security Team immediately at security@meshpayments.com.
I have read this Policy and give my express consent for my personal information to be processed in accordance with the provisions therein by submitting my application and associated information on this date.
To request our DPA, please email the Mesh Privacy team at privacy@meshpayments.com
By using this website you agree to our cookie policy.
