Privacy Policy

Fortis Payment Systems, LLC (“Fortis”) is committed to protecting the privacy of our merchants. We have designed the Privacy Policy to inform you about what information we collect and how we use your personal information in order to provide payments processing and other products/services to you.

The Privacy Policy is available in the footer section of the Fortis website (www.fortispay.com). If you are a resident of California, European Economic Area (“EEA”), or Canada, you may have additional rights described in the linked sections below referencing your region.  

From time to time, Fortis may modify portions of this Privacy Policy.  We will notify you of any material changes through a notice on the Site home page and if you have an account with us, we will notify you by email to the primary email address specified in your account. 

Merchant Consent

Fortis may provide separate privacy notices that apply to specific products or services that we offer; in which case this Privacy Notice does not apply except to the extent that those separate privacy policies indicate otherwise. Where this Privacy Notice applies, Fortis may provide additional or supplemental privacy notices to individuals at the time we collect their data, which will govern how we may process the information provided at that time. We may alter this Privacy Statement as needed for certain products and services and to abide by local laws or regulations around the world, such as by providing supplemental information in certain countries.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, such as:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

When Fortis collects information directly from you, we obtain this personal information in order to provide you with our products and/or services, to provide customer service and to fulfill legal and regulatory requirements.

The information we collect may include your name, physical and mailing address, e-mail address, telephone number, date of birth, and last four digits of your Social Security Number. Fortis receives credit and financial-related personal information from consumer reporting agencies, such as credit bureaus reports and other personal information from other third parties. Fortis also obtains information verifying your business from third party sources. When we obtain information about our merchants from third parties, we use sources that we believe are reputable, including public repositories.  Please see the chart in the section below entitled Data Collection and Associated Sources for details regarding the categories of personal information that we collect.

Use of Cookies

To ensure we are publishing content customers need and want, Fortis collects aggregated site-visitation statistics using cookies. When someone visits the site, a cookie is placed on the customer’s machine (if the customer accepts cookies) or is read if the customer has visited the site previously. Most browsers accept Cookies until you change your browser settings. If you do not wish for the Site to collect your information using Cookies, you can typically disable the use of Cookies (or disallow the use of Cookies on specific websites) by changing your browser settings.  If you choose to not have your browser accept cookies from Fortis’ website, certain features may not work, and you will need to reenter your personal information each time that you attempt to access premium information.

We may use Google Analytics Advertising features such as demographics and interest reporting to collect anonymized data about the gender, age, and interests of visitors to the Site. You can read Google’s security and privacy policies for Google Analytics at policies.google.com/technologies/partner-sites. You may opt out of having your data used by Google Analytics by accessing Google’s Ads Settings, Ad Settings for mobile apps, or any other available means.

We do not currently honor “do not track” (DNT) signals from a web site browser.

Use of Personal Information

Fortis may use or disclose the personal information that we collect for one or more of the following business or commercial purposes:

  • To fulfill the reason you provided the information, such as responding to your inquiries regarding an application, evaluating and processing your application, and verifying your information during the approval process.
  • To process your requests, transactions, and payments and prevent transactional fraud.
  • To maintain, customize, and secure your Fortis account information, obtain payment for equipment, and keep track of your transactions, payments and fees.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To help maintain the safety, security, and integrity of our website, properties and services, databases and other technology assets.
  • To provide, offer, support, personalize, or develop our website, properties, and services.
  • For testing, research, analysis, and product development to develop and improve our website, and related services.
  • To resolve disputes and enforce our agreements, establish or exercise our legal rights, or defend against legal claims.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
  • As otherwise described to you when collecting your personal information.
  • To provide promotional materials that may be aligned with your interests.

We are committed to protecting the confidentiality of your personal information.

When Fortis collects personal information about you, we handle this information with discretion and confidentiality. Fortis’ policies limit access to the personal information we collect to those Fortis employees and Fortis business relationships that need the information to fulfill their business responsibilities. We require our employees to adhere to Fortis’ Privacy Policy. Employees who violate the Fortis Privacy Policy are subject to disciplinary action.

When Fortis engages vendors and other outside contractors, they are subject to our contractual requirements. For purposes of credit reporting, verification, and risk management, we may disclose information about you with third parties. We will also disclose information in response to a request issued by a court, government agency or regulatory authority.

In addition, when Fortis obtains personal information about consumers indirectly through our merchants, we require our merchants to provide these consumers with their own timely and complete privacy notice.

We protect your information and use appropriate security measures.

We take reasonable administrative, technical and physical security measures to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, and to help ensure that it is used in accordance with this Privacy Policy. Fortis employs advanced technology to protect personal information collected against unauthorized access, disclosure, alteration or destruction. These measures may include, among others, encryption, physical access security and other appropriate technologies. Fortis continually reviews and enhances its security systems, as necessary. Please note, however, that no data security measures can be guaranteed to be completely effective, and we cannot guarantee the safety or security of your information.

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless longer retention is required by law or for auditing purposes.  To determine the appropriate retention period for personal information, we consider applicable laws, the nature of the personal information, its purpose, and the potential risk of harm from its unauthorized use or disclosure.

We strive to maintain our privacy standards.

Your privacy is important to us. Fortis enforces its privacy program standards by doing the following:

  • Employee privacy training and employee compliance related to the Privacy Policy
  • Periodic assessments of Fortis’ compliance with this Privacy Policy
  • Periodic management review to ensure that Fortis actively participates in appropriate privacy activities, including self-regulatory initiatives

We give you choices about how your information will be used.

When we obtain personal information as part of our direct relationship with you, we will not disclose this information with nonaffiliated third parties, except in the following circumstances:

  • In accordance with the Fortis Privacy Policy
  • To facilitate and complete merchant-initiated or authorized transactions
  • To comply with federal, state and local laws, including credit reporting laws and card association rules
  • To combat fraud
  • To offer products and services that Fortis believes may be of interest to you.

As a general policy, we use personal information and message data, if applicable, for internal purposes only. We do not sell or rent information about you. We will not disclose personal information or message data to third parties without your consent, except as explained in this Privacy Policy.

Since your needs may change, and Fortis continuously develops new products and services, we may contact you to determine if we can provide you with additional services. Most of our customers appreciate hearing about our new products and services and prefer that we continue to contact them. If you would prefer not to be contacted, we will make information available to you about how you may request to have your name removed from any Fortis-owned marketing lists.

You may also opt out of hearing about our products and services by providing Fortis with your e-mail address by calling us at 855-465-9999.

We maintain procedures to assure the quality of information we collect, and, in some instances, we inform you how you can access your information and make corrections, if necessary.

Fortis employs appropriate measures to assure the quality of information that we collect directly from you. In some instances, where Fortis collects information directly from you, Fortis informs you how to correct any erroneous or out-of-date information stored in our database. These requirements and procedures may vary by each Fortis business activity. We abide by applicable laws related to such information.

Fortis’ websites may be linked to other websites.

Fortis may create links to third-party websites. Fortis is not responsible for the content or privacy practices employed by third-party websites that are linked to our website. Neither does Fortis control or warrant the products or services offered at third-party websites.

INFORMATION FOR CALIFORNIA RESIDENTS

California’s Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”) requires that we tell you about the categories of personal information collected by Fortis and the sources from which we collect personal information, the categories of your personal information that we disclose, and the kinds of third parties to whom we disclose your personal information. We have included that information in this Notice to comply with the CCPA and any terms defined in the CCPA have the same meaning when used within this policy document. Please note that this does not apply to personal information that we collect from employees or job applicants, or from owners, directors, officers, or contractors of Fortis in the course of our provision or receipt of business-related services.

Data Collection and Associated Sources

We collected the categories of personal information specified below in the preceding 12 months.

CategoryExamplesCollected
A. IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.YES
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).  YES
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
F. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.YES
G. Geolocation data.General physical location based on IP address.YES
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
I. Professional or employment-related information.Current or past job history or performance evaluations.NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.NO
L. Non-public sensitive personal information (“SPI”) as defined in Cal. Civ. Code § 1798.140(ae).  Personal information that reveals social security numbers, driver’s license numbers, state ID cards, passport numbers, consumers’ account log-in access information, geolocation, racial/ethnic origin, religious or philosophical believes, union membership, consumers’ mail/email/text content, genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; or personal information concerning a consumer’s health, sex life, or sexual orientation.YES

The Geolocation data indicated in row G above is limited to general location data associated with the IP address used to access the Fortis website.  We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Our sources for the collection of personal information identified above are: you (directly), independent sales agents, business partners, service providers, third parties, and public records.

Disclosures of Personal Information

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category G: Geolocation Data.

Category L: Non-public sensitive personal information.

We disclose your personal information for a business purpose to the following categories of third parties:

  • Independent sales agents
  • Debt collectors
  • Payment processors
  • Banks
  • Service providers

Sales and Sharing of Personal Information

In the preceding twelve (12) months, we have not sold personal information to any third parties or shared information with third parties for the purpose of targeted or behavioral advertising.  We do not sell personal information to third parties, or share personal information to third parties for the purpose of targeted or behavioral advertising, including personal information pertaining to minors under the age of 16.

California Rights and Choices

Subject to certain restrictions, the CCPA gives California residents certain rights to request access to personal information that Fortis has about you, to request deletion of personal information that we collect and maintain, and to opt-out of the sale of personal information about you. This section describes how you can exercise those rights and our process for handling your requests.

  1. Right to Request Access to Your Personal Information

California residents have the right to request a copy of the following:

  • the categories of personal information we collected about you;
  • the categories of sources from which the personal information is collected;
  • the business or commercial purpose for collecting or, if applicable, sharing or selling, the personal information;
  • the categories of third parties to whom we disclose personal information; and
  • the specific pieces of personal information we have collected about you.
  • Whether we sold, shared, or otherwise disclosed your personal information for a business purpose, separately disclosing:
    • Sales, identifying the personal information categories that each category of recipient purchased;
    • Sharing, identifying the personal information categories that we shared with each category of recipient; and
    • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

To submit a request, please email us at privacy@fortispay.com or call us at 1-855-465-9999.

The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information.

California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority. We cannot respond to your request to provide any personal information if we cannot verify your identity using the information provided.

b) Right to Request Deletion of Personal Information

You have the right to request that Fortis delete personal information that we collected from you and retained, subject to certain exceptions. To submit a request, please email us at privacy@fortispay.com or call us at 1-855-465-9999.

The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority. We cannot respond to your request to provide any personal information if we cannot verify your identity using the information provided.

  • Right to Correct Inaccurate Information

You have the right to request that we correct inaccurate personal information, taking into account the nature of the personal information and the purposes for processing the personal information. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct the inaccurate personal information.

  • Right to Non-Discrimination for the Exercise of Privacy Rights

California residents have the right to not be discriminated against for exercising their rights as described in this Notice. We will not discriminate against you for exercising your CCPA rights.

  • Additional Rights

California residents may also exercise their right to opt out of data sales (although Fortis does not sell your personal information), right to opt out of sharing personal information for the purpose of targeted advertising (although Fortis does not share personal information for the purpose of targeted advertising), right to limit the processing of sensitive personal information, and right to restrict automated decision-making.

Exercising Access, Data Portability, Correction, Deletion, and Additional Rights

To exercise the access, data portability, correction, and deletion rights described above, please submit a verifiable consumer request to us by either:

•          Calling us at 1-855-465-9999; or

•          Emailing us at privacy@fortispay.com.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us via the methods noted above.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

•          Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

•          Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to Our Privacy Notice

This privacy notice was last updated on January 1, 2020. Fortis reserves the right to amend this privacy notice at its discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our website and update the notice’s effective date.

How the Fortis Privacy Policy applies to you.

The information contained in this Privacy Policy are examples only and are not intended to be all-inclusive. If you decide to close your merchant account or become inactive, or if we close or suspend your account, our Privacy Policy, will continue to apply. We may amend this Privacy Policy at any time, and we will inform you of changes as required by law. You may have other privacy protections under state laws, and we will comply with applicable state laws when we disclose information about you.

If you supply us with personal data and request information from us, we will contact you to provide you with the information you requested. We may also contact you to follow up on your job opportunity inquiries, or we may send you other information about Fortis and its products or services that we believe you would find interesting or helpful.

If you have any questions or comments about the Fortis Privacy Policy, please contact privacy@fortispay.com.

Fortis Payment Systems, LLC (“Fortis”)

43155 Main St.

Suite #2310C

Novi, MI 48375

 

Date Last Revised: 1/24/2023

EEA PRIVACY NOTICE

This supplemental privacy notice (“Privacy Notice”) provides European Economic Area (“EEA”) individuals additional information required by the EU General Data Protection Regulation. These provisions, together with the statements in the general Fortis Privacy Policy above (“Privacy Policy”), set forth our practices with regard to EEA personal data.  For EEA individuals, if there is a conflict between this Privacy Notice and the Privacy Policy, this Privacy Notice governs.

Contact Information:

Fortis Payment Systems, LLC (“Fortis”)

43155 Main St.

Suite #2310C

Novi, MI 48375

Fortis is based in the United States.

This Privacy Notice sets forth our reasons for processing your personal information.  Certain capitalized terms used but not defined in this Privacy Notice shall have the meanings set forth in our Privacy Statement. 

Legal basis and purposes for data processing:

We only process personal information when we have a legal basis for the processing, including to complete a contractual necessity, to serve our legitimate interests, to comply with a legal obligation, to perform a task in the public interest, or to process your personal information with your consent.  We may also process your personal information for the purposes of our own legitimate interests or for the legitimate interests of others so long as that processing does not outweigh your rights and freedoms.  Specifically, we will only process your personal information consistent with the uses listed in Fortis’ general Privacy Policy, stated here

Automated decision making and profiling:

We make automated-decisions and profile potential merchant partners based on risk and credit profiles, using information such as credit card processing statements, bank statements, and tax documents to generate profiles regarding potential merchant partners.  We do not use personal information for automated decision making and profiling purposes with respect to individuals.

Personal information requirements:

You are generally not required to provide any personal information to Fortis, with the exception that if you become a Fortis employee, Fortis will collect personal information that Fortis is required to process to maintain the employment relationship. If you engage or access our services as a vendor partner, you are required to provide certain personal information to enable us to perform the services that you request, including your name and contact information.  Customers of our vendor partners may be subject to additional personal information processing requirements imposed by our vendor partners, such as name, contact information, address, telephone number, and e-mail address. 

Your rights:

You have choices regarding how we use your personal information.  You are entitled to the following:

The right to access: You have the right to request copies of your personal information.  We may charge you a minor fee for this service.

The right to rectification: You have the right to request that we correct any information that you believe is inaccurate.  You also have the right to request that we complete information that you believe is incomplete.

The right to erasure: You have the right to request that we erase your personal information under certain conditions.

The right to object to processing: You have the right to object to our processing of your personal information, under certain conditions.

The right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

In addition, when Fortis provides its services or acts as a data processor, we receive your personal information from third parties as needed to provide services.  If Fortis is processing your personal information as a data processor, we will refer you to our client for assistance with these requests.  We support our clients with responding to requests required by law.

You may also decline our marketing communications.

To exercise these rights, please contact us via email at privacy@fortispay.com or write to the address above.  Note that for your protection, we may need to verify your identity before we can process your request.

If you believe that we have violated applicable law in our processing of your personal information, please contact us at privacy@fortispay.com or contact a supervisory authority.

Data Retention:

Your personal information will be retained for as long as the information is needed for the purposes set forth in our Privacy Statement and this supplemental Privacy Notice and for any additional period that may be required or permitted by law. The retention period depends on the purpose(s) for which the data was collected, how it is used, and applicable law. You may request that we delete your personal information by contacting us via email at privacy@fortispay.com or writing to us at the address above. If we do not have a legal basis for retaining your information, we will delete it as required by applicable law.

YOUR RIGHTS: CANADA RESIDENTS

If you are a resident of Canada, you may have additional rights regarding your data. 

Residents of Canada: Subject to our verification of your identity and to the extent provided by law, you have the rights to:

  • access your personal information that we hold
  • correct and update your personal information held by us
  • withdraw your consent to our use or communication of your personal information. 

To exercise any of these rights or to make a complaint: please contact us at privacy@fortispay.com