Your privacy is important to us. As a result, we’ve developed this Privacy Policy that provides a description of how we collect, use, disclose, transfer, and store your information, as well as your choices regarding use, access, and correction of your Personal Data (as defined below in Section I.b.). Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
a. Introduction
This Privacy Policy applies to the website or service owned and operated by Deluxe Corporation of 801 South Marquette Avenue, Minneapolis, Minnesota, United States 55402 and its subsidiaries and affiliates (referred to herein as “Deluxe,” “we,” “us” or “our”) from which it was accessed. We make reasonable efforts to protect the privacy of your Personal Data. This Privacy Policy was created to demonstrate our commitment to fair information practices. Our policies and procedures address applicable U.S. and international privacy requirements (including EU GDPR and UK GDPR) concerning the collection, use, and cross-border transfer of Personal Data.
This Privacy Policy covers Deluxe and its subsidiaries’ use of Personal Data that Deluxe collects when you use its websites, including but not limited to www.deluxe.com (collectively, the “Sites”). You can find out more details on the Deluxe family of companies by looking at our corporate information here https://investors.deluxe.com/financials/sec-filings/default.aspx. If Personal Data is provided to us, whether in electronic, paper, or verbal format, it will be collected, used and disclosed by Deluxe in accordance with this Privacy Policy.
b. Definitions
a. Legal Basis for Collection
The legal bases for us processing your Personal Data for the purposes described in this Privacy Policy are either consent or because the processing is: (i) necessary to fulfil the services you have requested including for the performance of our contract with you or to take steps at your request before entering into a contract; (ii) to comply with our legal and regulatory obligations; and/or (iii) because it is necessary for the purposes of our *legitimate interests.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. Our legitimate interests are those where we consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on:
*You can object to processing on the basis of legitimate interests at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see further e.g., “Rights – Access & Correction etc.” below.
b. Types of Personal Data Collected
c. Information from Children
Deluxe Sites and its related services are directed at adults and businesses. We do not knowingly collect or use information provided from children under the age of 13. If we become aware of any collection of Personal Data from children, we will delete it immediately.
d. Cookies
A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognize you and your device and store some information about your preferences or past actions. To find out more please see our Cookies Policy where we provide detailed information about the types of cookies we use, consent to using cookies and changing settings, our privacy preference center, third-party access to cookies, Google cookies, Salesforce cookies, Microsoft cookies, how to turn off cookies and the consequences of doing so, and similar technologies.
You can switch off most cookies at any time. You will not be able to switch off strictly necessary cookies (which are explained in our cookies policy). You can switch off most cookies by visiting our Privacy Preference Center (PPC) by clicking on “Cookie Settings” at the bottom of any page on our site or by using your browser or other tools to do this. If you chose to limit the use of cookies at the individual browser level or choose to disable cookies, it may limit your use of some features or functions on our website.
e. Applying to Work with Us
If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We may transfer your details outside of your home country and to other companies or locations in our group. We will ask you to sign up to additional privacy terms if you apply for a job with us. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data, and we will expect the employee to sign up to additional privacy terms as part of their employment.
If you apply to work with us through a third party, such as a recruitment consultant, please also check their privacy policy before proceeding. We do not encourage unsolicited approaches either directly or from third parties – regarding the latter, please do not send personal data to us unless the individual has read and agrees to this Privacy Policy.
We may retain details of candidates who may be of interest to us, either now or in the future, for up to one year. If you would not like us to do that, please let us know. Additionally, if your circumstances change – for example you no longer wish to be considered by us for employment – please let us know that too.
We may use third parties to consider potential hires. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you.
We use the information collected about you to process orders, to provide a more personalized customer experience and to help us (for example to improve our website or help with advertising). This might include remembering your data when you visit our sites so that we can show you relevant content or help you complete an order. We may also use your information to communicate with you about products, services, and future promotions. For the purposes of order verification and fraud prevention, we may exchange information about our customers internally within Deluxe.
The type of information we collect, use, or share may depend on the product or service you have requested from us. At times, we may request that you voluntarily supply identifying information for purposes such as receiving correspondence, registering on this website, making purchases, or participating in online surveys, forums, blogs, chat sessions, market research or contests/sweepstakes. If you elect to participate, we may require you to provide business information, including your name, mailing address, phone number, financial institution information, credit card information, or e-mail address.
In some areas of our website, you may provide employee information such as when adding authorized users to your business account and updating contact information. When you submit business information to us, you understand and agree that we may access, store, and use your information in accordance with this Privacy Policy to provide you the requested service or product. You should also make sure that you bring this Privacy Policy to the attention of anyone whose details you give us and specifically draw their attention to the data protection rights they may have.
Using the information you provide us, we will communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We may send you strictly service-related announcements when it is necessary to do so. Generally, you may not opt out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
Deluxe may selectively share customer information, including names and mailing addresses, with third parties and organizations whose products and services we think may interest you. We also share data gathered from cookies and similar tools. You can find out more about this in our Cookies Policy and in our online Privacy Preference Center (PPC). There is more detail on what the PPC does in our Cookies Policy. Our Cookies Policy also gives more detail of some of the data sharing and collection relationships we have for data collected from our websites including our relationships with Google, Salesforce, and Microsoft.
We may share your email address with third parties for marketing purposes and partner with selected companies to offer products or services we believe may be of interest to you on their behalf.
You may update your subscription preferences or opt out of receiving unsolicited marketing as a result of your transaction with us or request that we refrain from sharing your Personal Data with third parties and other organizations for marketing purposes. If you no longer wish to receive promotional communications from Deluxe or any third parties, you may edit your Account Profile, follow the unsubscribe instructions included in each communication, or refer to the Contact Us section below.
We may use publicly accessible information to verify information we are provided with and to manage and expand our business.
We take what we consider to be reasonable steps to ensure that Personal Data we receive, process, or maintain is accurate, complete, and reliable for its intended use. We rely on the accuracy of the information provided directly to us and we rely on third parties (including users of the Services) to keep that data up to date.
In general, we keep Personal Data only as long as we need it to provide you with the services you request. We may also process data on behalf of third parties who have engaged us. We keep Personal Data processed on behalf of third parties for as long as needed to provide services to the third party in question. However, we reserve the right to retain Personal Data for any period required by law or to comply with our legal obligations, resolve disputes, and enforce our agreements. We maintain procedures designed to ensure the secure disposal or destruction of Personal Data.
Data may also be retained by cookies placed on our Sites by us or by third parties. Our Cookies Policy tells you more about this. You can also hit the “Cookies Settings” button on the cookies banner on our websites to see the individual retention period for each cookie. For each cookie you should see a description of what the cookie does, who controls it and how long the data is held for. Some cookies retain data for long periods of time, but you can disable each cookie (other than Strictly Necessary Cookies) to limit the retention of your data.
a. Personal Data Disclosures
There are a variety of circumstances where we may need to disclose Personal Data to:
We may also disclose Personal Data to comply with our legal obligations or in the interests of security or public interest in any country. Further, we may also disclose Personal Data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests.
If Deluxe or any part of our group is sold, or some of its assets transferred to a third party, your Personal Data, as a valuable asset, may also be transferred to the acquirer, even if they are not in the same line of business as us. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. Potential purchasers and their advisors may have access to data as part of the sale process. However, use of your Personal Data will remain subject to this Privacy Policy. Your Personal Data may also be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.
Please bear in mind that when you share information publicly on the website, for example a comment on the blog post, it may be indexable by search engines, including Google, which may mean that the information is made public.
Additionally, Deluxe may share your Personal Data, without your prior consent, for the limited purposes noted below based on legitimate interests.
b. Subprocessors/Third-Party Service Providers
To provide and market our services, Deluxe uses subprocessors to perform functions such as:
We share Personal Data with third-party service providers to the extent necessary to provide the requested services. These companies are prohibited from retaining, sharing, storing, or using the Personal Data for any secondary purposes. By contract, we hold our third-party service providers accountable for the privacy and security of Personal Data in accordance with our Privacy Policy and applicable laws and regulations. You have the choice to limit the use and disclosure of your personal data. If you choose to limit the data being used, simply do not disclose that information to Deluxe or use the Sites. In some cases, limiting the use and disclosure of your personal data may impact functionality or prevent the use of Deluxe’s products or services. When Deluxe does share your Personal Data with third party subprocessors, Deluxe will:
c. Legal Obligations
We cooperate with government or law enforcement officials and private parties to enforce and comply with laws applicable to our services. We will disclose information about you to government or law enforcement officials or private parties, as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process, to protect our property, the property and rights of a third party, national security, or the safety of the public or any person, or to prevent or stop activity we consider illegal or unethical. We will also share your information to the extent necessary to comply with ICANN's rules, regulations, and policies regarding your domain services. Read our subpoena policy.
If you are visiting this website from a country other than the country in which our servers are located, we may need to transfer your personal data to the US. Any transfer of your data will be subject to an EU-approved mechanism or a UK-approved mechanism (recognised or issued further to Article 46(2) of UK GDPR), whichever is applicable including standard contractual clauses or an international data transfer agreement (IDTA), that is designed to safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
VI. Protection of Personal Data
In order to protect your Personal Data and your right to privacy, Deluxe has implemented what it considers to be reasonable appropriate technical and organizational security measures, including:
Despite our measures and safeguards to protect your Personal Data we cannot guarantee the security of information on or transmitted via the Internet. We rely on various security procedures, third parties and systems to ensure the secure storage and transmission of data, including encryption and authentication technology licensed from third parties, to effect secure transmission of confidential information. We have security measures in place designed to protect our user database and access to this database is restricted internally.
However, where you have a client account for the website it remains your responsibility:
Our Sites contains links to other sites that are not owned or controlled by us. When you leave our website, we encourage you to read the privacy statements of each website that collects Personal Data. Therefore, please read carefully any privacy statements on those links or websites before either agreeing to their terms or using those websites. This Privacy Policy applies only to information collected by Deluxe Sites. If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure. Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
Where site functionality is not impacted, you can choose not to provide consent for your Personal Data to be disclosed to a third party. If you do not wish to receive promotional material from us, you do not have to consent when we ask you for Personal Data. In certain cases, limiting the use and disclosure of your Personal Data may impact functionality or prevent the use of Deluxe products or services.
To the extent permitted by the laws of your country, you may also have the right to access, correct, delete, restrict, be forgotten, object to processing of, or request data portability of the personal data collected about you, subject to some conditions and exceptions. With regard to the European Union (EU) you can find out more about these rights by reading the EU General Data Protection Regulation (EU GDPR) here: https://gdpr.eu/. With regard to the UK you can find out more about these rights by reading the UK General Data Protection Regulation (UK GDPR) here https://www.legislation.gov.uk/eur/2016/679/contents (please also see the UK Information Commissioner Office’s guidance).
Also, regarding the EU and the UK, if you have given permission, we may contact you by mail, telephone, SMS text, or email about products, services, promotions, or special offers that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by following the unsubscribe instructions included in these communications, or you can contact us at privacyprogramoffice@deluxe.com.
Deluxe will respond to all questions, complaints or requests concerning this Privacy Policy within one month of receipt. Please see the applicable details below:
a. EU & Swiss Citizens
Deluxe commits to resolve complaints about your privacy and our collection or use of your Personal Data. European Union, UK and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Deluxe at:
Deluxe Small Business Sales, Inc.
Privacy Program Office
801 S Marquette Ave, Minneapolis, MN 55402
Email: privacyprogramoffice@deluxe.com
If you believe that our processing of your Personal Data infringes your rights under EU GDPR, without prejudice to any other administrative or judicial remedy, you may also have the right under Article 77 of EU GDPR to lodge a complaint with a supervisory authority located in the EU Member State: (i) where you habitually reside; (ii) where your place of work is located; or (iii) where the place of the alleged infringement took place. You can find the various supervisory authorities contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
With regard to the UK, where applicable, you may also have the right to lodge a complaint with the Information Commissioner’s Office, who may be contacted using the details here: https://ico.org.uk/make-a-complaint.
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
b. Individuals in the EEA
We have appointed Baker Tilly Data Privacy GmbH to be our data protection representative within the European Economic Area (EEA).
Individuals within the EEA can contact the data protection representative using the following contact details:
Christian Engelhardt - christian.engelhardt@bakertilly.de https://www.bakertilly.de/en/employee/christian-engelhardt.html,
Nymphenburger Strasse 3b, 80335 Munich, Germany.
You can find out more about the role of the data protection representative by reading Article 27 of GDPR.
c. Citizens elsewhere in Europe
Deluxe commits to resolve complaints about your privacy and our collection or use of your Personal Data. Individuals in Europe outside of the EU/EEA, Switzerland or the UK with inquiries or complaints regarding this Privacy Policy should first contact Deluxe at:
Deluxe Small Business Sales, Inc.
Privacy Program Office
801 S Marquette Ave, Minneapolis, MN 55402
Email: privacyprogramoffice@deluxe.com
We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you by way of an email (sent to the email address associated with your account) or by means of a notice on this site prior to the change becoming effective. Any new policy will automatically be effective when it is published on the website. You should therefore return here regularly to view our most up-to-date Privacy Policy. You should also print a copy for your records. We will use information in accordance with the Privacy Policy under which the information was collected.
We use a self-assessment approach to address compliance with this Privacy Policy, verifying periodically that the policy is accurate, comprehensive, and addresses the privacy requirements applicable to the markets we serve. Periodically, our operations and business practices are reviewed for compliance with corporate policies and procedures governing the confidentiality of information.