To request a copy of BidPal's PCI Attestation of Compliance please visit: http://www.bidpal.com/pci-attestation-of-compliance/
BidPal follows international PCI (payment card industry) standards for data security. All BidPal applications, network components, critical servers, and wireless access points are consistent with industry-accepted hardening standards. BidPal uses 2048 bit RSA encryption when storing sensitive card information. All pages that capture sensitive card data on-site use secure HTTP over SSL (128 bit encryption). In addition, the BidPal handhelds connect to our private wireless network with WPA2 security, which encrypts all the packets that are sent via the air.
BidPal's payment processor is iATS Payments (http://www.iatspayments.com). During the card authorization process, a 16 character token is generated by iATS and passed back to BidPal. BidPal stores the token in place of the Primary Account Number (PAN), while iATS stores the PAN.
iATS has been certified as a Level 1 Service Provider of Payment Card Industry (PCI) Data Security Standards (DSS), which is the highest possible level. For verification of iATS Payments' Report on Compliance (ROC) please see Visa's Global Registry of PCI Validated Service Providers: http://www.visa.com/splisting/searchGrsp.do. Service providers on this list were validated as PCI DSS compliant by a QSA and are required to re-validate their compliance on an annual basis.
While we employ commercially reasonable standards and exercise great care in collecting and protecting your information, no safeguards or processes can be guaranteed to be 100% secure. We cannot ensure or warrant the security of any of such information, and you provide such information at your own risk.
Personal Information. When you visit and navigate the WebSite or Mobile Application, we will not collect identifying information, like name, address, email address, or telephone number (collectively, "Personal Information"), about you unless you provide us that information voluntarily. Individuals who register for any services or features on the WebSite or Mobile Application will be required to provide to us Personal Information, like email address, first name, and last name, in addition to selecting a username and password. During the registration process, you may, at your discretion, provide additional Personal Information to us, like telephone number, address, city, state, zip code, and country.
Giving History. BidPal keeps a record of each user's transaction history. This information is kept on file for individuals to reference for personal record keeping and/or IRS tax return purposes. The history is also used by BidPal to analyze overall giving patterns in order to produce benchmark data.
Financial Information. If you register for any service under which BidPal will process payments made by you, then we may require certain financial information, like the name on a credit card, the credit card number, and the credit card expiration date (collectively, "Financial Information").
User-Generated Content. Forums, live chat, bulletin boards, and other features of the WebSite or Mobile Application may allow you to submit user-generated content (collectively, the "User Forums"). User-generated content submitted by you through the User Forums may be stored in our systems.
Cookies. BidPal may collect information through the use of common locally stored tracking objects such as cookies. Cookies are small strings of text placed onto your computer by a website to improve your visit to the website by tracking which parts of the website you visit most often. No Personal Information is stored in a cookie. You have the option to delete or decline cookies by changing your browser's settings.
Server Logging. Our server logs may store information you provide to us through your web browser when you visit the WebSite or Mobile Application, like your IP address, web browser type, referring URL, and other HTTP Header information. We use this information to troubleshoot issues with the WebSite or Mobile Application and in an aggregated form for statistics purposes. We also may, from time to time, attempt to personally identify individuals using this information who may be maliciously using the Website or Mobile Application, threatening our users, or violating state or federal laws.
GPS Information. When browsing the WebSite through a mobile phone or accessing the Mobile Application, we will attempt to collect your location through GPS for giving opportunities near you. You may remove this location sharing authorization.
Google Analytics. BidPal has implemented the event tracking feature of Google Analytics Advertising offering, including Remarketing with Google Analytics, Google Display Network Impression Reporting, DoubleClick Platform integrations and Google Analytics Demographics and Interest Reporting. You have the ability to opt out by visiting: https://tools.google.com/dlpage/gaoptout/
Improving Your Experience. We use non-identifiable, aggregated information to improve the products and services we offer, to conduct market research, to generate profiles and reports, and to improve your overall experience of the WebSite or Mobile Application. We also may share this anonymous, aggregated information with partners, advertisers or other third parties.
Direct Marketing. By providing Personal Information on the WebSite or Mobile Application you consent to BidPal's use to contact you via Email or Mobile Application Notifications. If you do not wish to receive marketing communications from BidPal, you may unsubscribe by following instructions provided within or disable notifications in the Mobile Application settings.
Purchases. When you make purchases or otherwise pay for services on the WebSite or Mobile Application, we will share your Personal Information and Financial Information with our third-party payment processors. We will only share the information necessary to complete the transaction.
"Contact Us" or Troubleshooting. Information provided by you as part of a request that we follow up or contact you as part of the "Contact Us" feature on the WebSite or Mobile Application will be used by us to contact you and discuss your concerns or interest in our products and services. We may use your information to provide customer support or troubleshooting in the connection with your use of such products and services.
Combination. We may, on occasion, combine information we collect through the WebSite or Mobile Application with information that we collect from other sources.
Information Sharing. We may disclose your information to our affiliates, as well as third party partners as follows below:
a) Service Providers. Your Personal Information may be shared with third party service providers that assist BidPal in fulfilling orders from customers, delivering packages, sending mail, providing search results and links, or similar customer services.
b) Law Enforcement. Your Personal Information and Financial Information may be shared with law enforcement officials if it relates to a criminal investigation or alleged illegal activity.
c) Necessary or for Safety Reasons. We may disclose your Personal Information or Financial Information if required or permitted to do so by law, for fraud protection and credit risk reduction purposes, or in the good-faith belief that such action is necessary to protect and defend the rights or property of BidPal or the users of the WebSite or Mobile Application, to act under urgent circumstances to protect the safety of BidPal or its employees or a member of the public, or to comply with a judicial proceeding, court order, or legal process.
BidPal does not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose client lists or email address lists to unrelated third parties. If you no longer wish to receive email communications from BidPal, you may email us at email@example.com or click on the "unsubscribe" link at the bottom of any email sent to you by BidPal.
Please be aware that User Forums are open to the public so others using these areas on the WebSite or Mobile Application can read information you submit. Any information you submit when participating in the User Forums may be publicly available.
We do not knowingly collect Personal Information from persons under the age of 13. If we learn that we have inadvertently collected Personal Information from a child under 13 years of age, we will promptly take all reasonable measures to delete that information from our systems. Our web site is designed for adults and is not intentionally targeted to children under the age of 13. Children under the age of 13 should not use our web site without obtaining prior parental consent.
If you would like to access, update or modify your Personal Information, or to have us delete your Personal Information, you may do so by contacting us by email at firstname.lastname@example.org or clicking the "My Account" link at the top of each auction page. We will process any request to access, update, modify, or delete information within thirty (30) days. Opting-out, unsubscribing, modify, updating, or requesting to delete your Personal Information will not delete any information that may reside on backup or disaster-recovery files.