Privacy Policy

Last Updated: 12 Jan 2018

This Privacy Policy describes and governs the collection, storage, processing and use  of your personal data by Mesh Payments Inc. (hereinafter: “Mesh Payments”, “we”, “us”, “our”) whenever you apply for and/or use our secure data transmission and data processing for multiple business-to-business payment methods (hereinafter: “Services”), as provided on our website www.meshpayments.com (hereinafter: “Website”); and/or communicate with us via e-mail, telephone, fax and social media (hereinafter: “Social Media Channels”; e.g. Facebook, LinkedIn and Twitter). By using our Services, Website and/or Social Media Channels, you are agreeing to this Privacy Policy. If you do not agree to the terms in this Privacy Policy, you must cease any further access the Website and Social Media Channels and must cease any further use of the Services.

If you have questions about this Privacy Policy, which to make a complaint to us in relation to a breach of your privacy or would like to update or correct your personal data held by us, please contact us by email at support@meshpayments.com.

NOTE: If you want information on how we process personal data via cookies and social plug-ins on our Website, you are kindly referred to our Cookie Policy

  1. In General
    1. Your personal data are processed by Mesh Payments Inc. 251 W 30th St, New York, New York 10001, USA. You can contact us via e-mail at support@meshpayments.com.
      This is the entity responsible for the processing of your personal data as covered in this Privacy Policy.
    2. Any notion starting with a capital shall be defined by explicit reference in this Privacy Policy. Where possible given the context, singular words shall be interpreted as also including the plural and vice versa.
      To make sure we have the same understanding of what is written here, it is important that certain notions are interpreted in the same way by you and by us.
    3. Where reference is made to certain laws or regulations, such reference shall also include any change, replacement or annulment of said laws or regulations, including any related executive decisions.
      Laws tend to change from time to time, and we want to make sure that this Privacy Policy remains in line with any such changes.
    4. Mesh Payments reserves the right to modify, change or amend this Privacy Policy at its own discretion and from time to time. Such modification, change or amendment shall be communicated via the Website. If you do not accept the modifications, changes or amendments, you are to inform us by sending an e-mail to support@meshpayments.com. If we do not receive such an e-mail from you within three (3) business days after the changes to the Privacy Policy have been announced in a visible manner on our Website, you will be deemed to have unambiguously accepted all such changes.
      As any company, changes in laws, market circumstances, interests etc. may require us to change our Privacy Policy from time to time to ensure that it remains accurate. If this happens, you are kindly asked to take note of the changes and to agree with them if you find them acceptable.
    5. Mesh Payments collects, stores and discloses data as a service to the User, including personal data from you and about you from various sources to provide our Services and to manage our Website. “You” may be a visitor to our Website or a user of our Service, (“User”).
      This Privacy Policy explains how we collect personal data from you, even if that personal data is not obtained directly from you.
  2. Types Of Personal Data We Process
    1. Here we explain which types of personal data we collect in any case whenever you visit our Website and Social Media Channels.
      Whenever you visit our Website and Social Media Channels, we may collect:

      • technical information associated with the browser and device you use, such as your IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Website you are visiting;
      • usage data, such as time spent on the Website, pages visited, links clicked, language preferences, and the pages that led or referred you to our Website;
      • information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services, for which we use Google Analytics or similar tools.
    2. Here we explain which types of personal data we collect when you create an account on our Website.
      When you register an account on our Website, we will collect:

      • your identity information, including your full name, physical business address, email address, date of birth and government identifiers associated with you and your organization (such as your tax number, or Employer Identification Number), and any other data we may require under applicable law (such as anti-money laundering legislation);
      • and account information, including your log-in credentials.
    3. Here we explain which types of personal data we collect when you actively seek to contact us or want us to contact you.
      When you respond to Mesh Payments emails or surveys, fill out our online form to contact our sales team, give us your business card or contact details at conferences or other events, or contact us via e-mail, telephone, fax or Social Media Channels, we may collect:

      • the basic identity information you provide us with, such as your full name, work email, phone number, country, and anything else you tell us about your project, needs and timeline;
      • the content of your communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.), including anything else you tell us about your project, needs and timeline;
      • your preferences regarding receiving our e-mail communications, such as newsletters, promotions, advertisements, etc.
      • publicly available information of your profile on Social Media Channels;
      • any other personal data you choose to provide to us.
    4. Here we explain which types of personal data we collect when you apply for a job with us. 
      When you apply for a job via e-mail, we collect and process the following categories of personal data:

      • personal identification data (e.g. name, e-mail address);
      • the content of your communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.);
      • any attachments you send us, such as your CV.
    5. Here we explain which types of personal data we collect when you use our Services.
      When you use our Service, we may collect:

      • personal identification data (e.g. name, e-mail address) including, where applicable, business information (e.g. business name, address, etc.);
      • transaction information (including purchase amount and date or purchase), whether received from the User directly or otherwise;
      • payment method information (such as credit or debit or prepaid card number, or bank account information, depending on the payment method used).
  3. Purposes For Which Mesh Payments Uses Your Personal Data
    1. Mesh Payments processes your personal data to provide you the Service in a personalized and efficient way with the Website, e-mail, telephone, fax and Social Media Channels, and for overall customer management.
      We first and foremost collect and process your personal data to provide you with the things you request by surfing to our Website, log in once registered, or when you interact with us.
    2. Mesh Payments will enter into a contract with you to provide its Services. This contract requires us to process certain personal data.
      We have to process certain personal data to provide you with our Services.
    3. Mesh Payments processes your personal data mentioned in clause 2.4 above specifically to allow you to apply for a job with us.
    4. We will also process your personal data when you apply with us for evidence purposes, so that we may defend ourselves in possible ensuing legal or other proceedings.
    5. Mesh Payments processes your personal data to perform statistical analyses so that we may improve our Website, our Services or develop new Services.
    6. Mesh Payments processes your personal data to comply with legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities. Your personal data may be transferred upon Mesh Payments own initiative to the police, financial intelligence units, or the judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Website, our Social Media Channels or other communication with us.
      From time to time we may be legally required to transfer your personal data to governmental authorities.
    7. Mesh Payments may process your personal data for informing any third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside the EU.
    8. Mesh Payments may process your personal data for the preservation of the legitimate interests of Mesh Payments, its partners or a third party if and when your registration with, or use of, the Website, Social Media Channels or other communication channels can be considered (a) a violation of any applicable terms of use or the intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of the Website, (c) a danger to the Website or any of Mesh Payments’ or its subcontractors’ underlying systems due to viruses, Trojan horses, spyware, malware or any other form of malicious code, or (d) in any way hateful, obscene, discriminating, racist, slanderous, spiteful, hurtful or in some other way inappropriate or illegal.
      Here we reserve the right to process your personal data if you use our Website in any way that may harm Mesh Payments or someone else or is illegal.
    9. Mesh Payments may also process your personal data mentioned under clauses 2.1, 2.2 and 2.3 above for marketing purposes, i.e. to provide you with targeted communications, promotions, offerings and other advertisements of Mesh Payments and selected partners, or to invite you to participate in our events or surveys. Using Google AdWords, DoubleClick, AdRoll and other advertising networks, we and certain third parties collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your individual interests (this type of advertising is called “interest-based advertising”). Unless you are an existing customer who has already used our services and who we wish to target with our own marketing material,
      Mesh Payments will only send you communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communications channels if you have explicitly consented to receiving such communications, promotions, offerings, newsletters and other advertisements. You may at any time opt out from receiving future marketing or other communications.
      We want to use your personal data for marketing purposes. This means that we collect information regarding your preferences and interests and use this information to make our marketing material more relevant to you.
      When we want to send you marketing material via e-mail, Social Media Channels or other person-to-person electronic communications channels and unless you are a pre-existing customer, we will first seek your prior approval with receiving our marketing via such channels.
  4. Legal Basis For Processing Your Personal Data
    1. The processing of your personal data for the purpose described in clause 3.3 is necessary for the steps to be taken prior to entering into a contract with you.
      The law requires us to state precisely which legal basis we use to process your personal data, considering the purposes we have listed in the previous article.
      When you send us CV and other data to apply for a job, we need to process your personal data in order to give full effect your application.
    2. The processing of your personal data for the purposes outlined in clause 3.2 is necessary to allow Mesh Payments to carry out its obligations under the contract with you.
      To use our Service, you enter into a contract with us. The provision of these services requires us to process certain personal data.
    3. The processing of your personal data for the purposes outlined in clause 3.6 is necessary to allow Mesh Payments to comply with its legal obligations.
      Sometimes the law obliges us to process your personal data.
    4. The processing of your personal data for the purposes outlined in clauses 3.1, 3.4, 3.5, 3.7 and 3.8, is necessary for the purpose of the legitimate interests of Mesh Payments, which are:
      • being able to appropriately respond to your requests for information and other requests;
      • allowing us to defend ourselves in legal proceedings;
      • continuous improvements to Mesh Payments’ Website, Social Media Channels, products and services to ensure that you have the best experience possible;
      • keeping our Website, Social Media Channels, products and services safe from misuse and illegal activity;
      • safeguarding our commercial and business interests and needs in light of changing market conditions;
      • marketing and promotion of our products, services, brands an overall successful commercialization of our products and services.

      We may also process your personal data for our own legitimate interests, which are mainly concerned with successfully conducting our business as any other company would do.

    5. For processing your personal data for the purposes outlined in in clause 3.9, Mesh Payments as the responsible party asks for your consent.
      By consenting to our processing of your personal data for sending you communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communications channels, you agree that we are allowed to process your personal data for this purpose in the manner and under the conditions outlined in this Privacy Policy.
  5. Recipients And Transfers
    1. We share personal data with third party business partners when this is necessary to provide our Services to our Users. Examples of third parties to whom we may disclose personal data for this purpose are banks and payment method providers (such as credit card networks) when we provide our Services.
      To perform our Service, some information needs to be transferred to other parties involved in the payment cycle.
    2. Other than the cases provided for in 5.1, Mesh Payments does not send your personal data in an identifiable manner to any third party without your explicit permission to do so. We may share personal data with other Mesh Payments entities in order to provide our Services and for internal administration purposes.
      You understand, however, that if you use our Social Media Channels, your personal data is also processed by the social media providers. You can find more information on how these social media providers process your personal data in their respective privacy policies.
      We do not share your personal data with third parties unless you consent to it or unless we have anonymized your personal data.
      You understand however that when you use Facebook for instance to communicate, Facebook also processes your personal data.
    3. Mesh Payments relies on third party processors for identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These third-party processors are only allowed to process your personal data on behalf of Mesh Payments upon explicit written instruction of Mesh Payments. Mesh Payments warrants that all third-party processors are selected with due care and are obliged to observe the safety and integrity of your personal data. Your use of our Website and Services implies that your personal data are transferred to the United States of America. The United States of America has received an adequacy decision of the European Commission (Commission Implementing Decision (EU) 2016/1250) and is as such considered to be a country which offers adequate protection for your personal data.
      Our Website and Services may be developed, maintained or hosted by third parties. Similarly, we rely on the services of third parties to process your personal data internally.
  6. Quality Assurances
    1. We will not process more personal data about you than we really need for the purposes we have communicated to you. Mesh Payments does its utmost to process only those personal data which are necessary to achieve the purposes listed under the purpose for processing.
    2. Here we explain how long we will keep your personal data in a way that allows us to identify you.  Your personal data are only processed for as long as needed to achieve the purposes which are described above or up until such time where you withdraw your consent for processing them. Note that withdrawal of consent may imply that you can no longer use the whole or part of the Website. Mesh Payments will de-identify your personal data when they are no longer necessary for the purposes outlined in the purpose for processing, unless there is:
      • an overriding interest of Mesh Payments or any other third party in keeping your personal data identifiable;
      • a legal or regulatory obligation or a judicial or administrative order that prevents Mesh Payments from de-identifying them.
    3. We are committed to keeping your personal data safe. Mesh Payments will take the appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by personnel of Mesh Payments or its third-party processors will only be on a need-to-know basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only, which can never be guaranteed.
  7. Your Rights
    1. You have the right to request access to all personal data processed by Mesh Payments pertaining to you. Mesh Payments reserves the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to Mesh Payments.
    2. You have the right to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. If a request for correction is submitted, such request shall be accompanied of proof of the flawed nature of the data for which correction is asked.
    3. You have the right to withdraw your earlier given consent under clause 4.4 for processing your personal data.
    4. You have the right to request that personal data pertaining to you will be deleted if they are no longer required in light of the purposes which are outlined above or if you withdraw your consent for processing them. However, you need to keep in mind that a request for deletion will be evaluated by Mesh Payments against:
      • overriding interests of Mesh Payments or any other third party;
      • legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.

      Instead of deletion you can also ask that Mesh Payments limits the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes which are outlined above, but you need them to defend yourself in judicial proceedings.

    5. You have the right to oppose the processing of personal data if you are able to prove that there are serious and justified reasons connected with his particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification.
    6. You have the right to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us.
    7. If you wish to submit a request to exercise one or more of the rights listed above, you can send an e-mail to support@meshpayments.com for all data subject rights matters. An e-mail requesting to exercise a right shall not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should clearly state and specify which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed, and accompanied by a digitally scanned copy of your valid identity card proving your identity.Mesh Payments will promptly inform you of having received this request. If the request proves valid, Mesh Payments shall notify it as soon as reasonably possible and at the latest thirty (30) days after having received the request.If you have any complaint regarding the processing of your personal data by Mesh Payments , you may always contact Mesh Payments via the e-mail address mentioned in the first paragraph of this clause. If you remain unsatisfied with Mesh Payments’ response, you are free to file a complaint with the competent data protection authority. For a list of national data protection authorities, visit https://edpb.europa.eu/about-edpb/board/members_en.

U.S. Law addenda

In addition to the provisions above, for only U.S. users, the following applies:

Please be aware that Mesh Payments’ Services are provided only to business entities and are not intended for use by individual consumers. Nevertheless, we may collect and/or receive your non-public personal information (“NPI”) as set forth herein and, therefore, we adhere to the requirements of the Gramm-Leach Bliley Act, 15 U.S.C. 6810 – 6827 (also known as the Financial Services Modernization Act of 1999) (“GLB”). NPI does not include any publicly available information. Our Services are intended for a general business audience and not directed at children under the age of 13. If we have actual knowledge that any of the NPI collected relates to or has been provided by a person under the age of 13, we will delete that information. If you are a parent or guardian and believe we may have collected information about a person under the age of 13, please contact us in the manner described in the Privacy Policy terms set forth above. If we determine that we have inadvertently collected NPI from a person under the age of 13, we will promptly delete such information from our records.

NPI We Collect About You and How and When We Collect NPI

The NPI we may collect about you, and how and when we collect it, is described in Sections 1.5 and 2 above. In accordance with Section 2.2, we may collect our Social Security Number (“SSN”).

How We Use Your Information

Our use of your NPI is described in Section 3 above. When we use your NPI for marketing purposes, we will only do so in accordance with the consent requirements that are imposed by applicable law. If your NPI is shared with affiliates and non-affiliated third parties in connection with a marketing campaign for their products and services, you will have the right to opt out. Our use of Cookies is described in our separate Cookies Policy.

When We May Disclose Your NPI

Section 5 above described when we may disclose your NPI.

Overseas Disclosures

If you are a U.S. person, federal, state or local government or you send us NPI concerning any such government or any agency of any of them, you do so in the knowledge that such information may be disclosed to persons in the European Economic Area and such other countries in which those parties or their, or our, computer systems may be located from time to time, where it may be used for the purposes described in this Privacy Policy.

This may occur in the event:

  • our servers or other computer systems are located overseas;
  • our offices or related entities are overseas;
  • there is an overseas connection with any services, transactions, information or products; or
  • we outsource certain activities overseas.

Additionally, some of your NPI may be disclosed, transferred, processed, stored or used overseas by us or by third party service providers.

In these circumstances, you consent to the collection, use, storage and processing of your NPI in those countries.

Data Storage and Security

Our data storage and security measures are described in Section 6 above. NPI that is protected by U.S. state data breach notification laws vary by state according to the location of the person concerned. We comply with state law applicable where the individual concerned is domiciled.

Other Important Information

For California Residents: We will not share NPI we collect about you with non-affiliated third parties, except as permitted by California law, such as to effect, administer or enforce a transaction, in connection with our Services, or in connection with maintaining or servicing any account you have with us.

For Vermont Residents: We will not share NPI we collect about you with non-affiliated third parties, except as permitted by Vermont law, such as to effect, administer or enforce a transaction, in connection with our Services, or in connection with maintaining or servicing any account you have with us. In addition, we will not share information we may have about your creditworthiness with our affiliates except with your authorization.