Value Pay Services, LLC
9200 South Dadeland Boulevard, Suite 705
Miami, Florida 33156
Technical Support: firstname.lastname@example.org
I. General and Express Consent by Accessing Websites
VPS shares information, including Personal Information, with IPC and IPC’s wholly owned subsidiaries, including, but not limited to, IPC Financial Solutions, LLC (“IPCFS”), IPC Insurance Solutions, LLC (“IPCIS”) and Independent Purchasing Incorporated (“IPI”). IPC and its wholly owned subsidiaries are collectively referred to herein as “IPC”.
VPS shares information, including Personal Information, with international purchasing cooperatives, including, but not limited to, European Independent Purchasing Cooperative (“EIPC”), Latin America and Caribbean Independent Purchasing Cooperative (“LACIPC”), Independent Purchasing Cooperative (Australasia) Limited (“IPCA”) and Middle East Independent Purchasing Cooperative (“MEIPC”), all of which are member owned and operated entities, composed of all of the SUBWAY® Franchisees located in the respective geographical areas as follows: the European Union (EIPC), Latin America and the Caribbean (LACIPC), Australia (IPCA) and the Middle East (MEIPC). EIPC, LACIPC, IPCA and MEIPC are collectively referred to herein as the “Co-op Group”.
VPS shares information, including Personal Information, with Franchise World Headquarters, LLC ( “FWH”), which operates as a service-oriented company for and on behalf of the SUBWAY® System worldwide by providing core business related services for Doctor’s Associates Inc. (“DAI”). DAI owns and licenses the SUBWAY® trademark and SUBWAY® Restaurant System to its affiliates, including, but not limited to, Subway International B.V. (“SIBV”), Subway Systems Australia Pty Ltd (“SSA”), Subway Franchise Systems of Canada, Ltd. (“SFSC”), Subway Partners Colombia C.V. (“SPCCV”), Subway Systems do Brasil Ltda. (“SSB”), Sandwich and Salad Franchises of South Africa Pty Ltd. (“SSFSA”) and Subway Systems India Private Limited (“SSIPL”), in order to develop SUBWAY® restaurants worldwide. FWH, DAI, SIBV, SSA, SFSC, SPCCV, SSB, SSFSA, and SSIPL are collectively referred to herein as the “SUBWAY® Group”.
VPS shares information, including Personal Information, with the following SUBWAY® Group advertising entities: Subway Franchisee Advertising Fund Trust, Ltd. (“SFAFT”), Subway Franchisee Advertising Fund of Canada, Inc. (“SFAFC”), Subway Franchisee Advertising Fund of Australia Pty. Ltd. (“SFAFA”) and Subway Franchisee Advertising Fund Trust B.V. (“SFAFTBV”). SFAFT, SFAFC, SFAFA and SFAFTBV are collectively referred to herein as the “FAF Group”.
All information is collected in a fair and non-intrusive manner, with your voluntary consent, obtained directly from you by VPS, IPC, the Co-op Group, the SUBWAY® Group and/or the FAF Group.
D. Consent to Electronic Notice If There is a Security Breach. If VPS or a Recipient is required to provide notice of unauthorized access of certain security systems, you agree that VPS, or the Recipient, may do so when required or voluntarily by posting notice on the Websites or sending notice to any email address VPS or the Recipient has for you, in the good faith discretion of VPS or the Recipient. You agree that notice to you will count as notice to any other individual for whom you are acting and agree to provide the notice to any such individual.
II. Types of Information VPS Collects
A. Personal Information. Personal Information is defined as any information concerning the personal or material circumstances of an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, by reference to a Social Security Number and/or Identification Number (hereinafter “SSN/I.N.”) or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal Information shall include but is not limited to: name, home address, home and/or mobile telephone numbers, personal email address, SSN/I.N., and financial information such as may be found on credit card applications and financial statements. VPS takes measures to maintain the confidentiality of your SSN/I.N., to protect your SSN/I.N. from unlawful disclosure and to limit access to your SSN/I.N. VPS will not make your SSN/I.N. available to the general public, print your SSN/I.N. on any card, require you to provide your SSN/I.N. to access any products or s ervices, transmit your SSN/I.N. over the internet unless the connection is secure or your SSN/I.N. has been encrypted, or require the use of your SSN/I.N. to access the Websites without additional authentication.
B. Sensitive Personal Information. Sensitive Personal Information includes, but is not limited to: information pertaining to racial or ethnic origin, political affiliation, religious belief, sexual orientation, disabilities, health and veteran status. VPS will never share your Sensitive Personal Information unless you give your explicit consent to share your Sensitive Personal Information.
C. Business Contact Information. Business Contact Information is considered non-Personal Information and, under the laws of the jurisdictions named in Sections X and XII hereof, is not subject to special protection. Accordingly, Business Contact Information can be routinely shared with anyone inside or outside of VPS. Business Contact Information shall include but is not limited to: business name, business address, business telephone number. To the extent that the laws of other jurisdictions do not so provide, such laws will be identified in Section XV hereof.
III. Collection and Use of Personal Information.
VPS collects and uses your Personal Information to operate the Websites for their intended purposes. VPS may collect and use your Personal Information as follows:
A. Personal Information Collected on the Websites. Personal Information is collected on each of the Websites as follows:
- www.mysubwaycard.com Personal Information collected on this Website includes, but is not limited to, name, email address, zip code, birthdate, gender, home telephone number, mobile phone number, Subway Card number, credit card and billing address information (for card purchases or card loads or re-loads). VPS shares this information with the SUBWAY® Group and the FAF Group for the purposes of communications and marketing. VPS may also share certain information with third parties in order to provide support services related to the SUBWAY® Card Program.
- www.tellsubway.com Personal Information collected on this Website includes, but is not limited to, email, mobile telephone number, birthday, anniversary, and survey feedback related to your experiences in SUBWAY® Restaurants. VPS shares this information with the Co-op Group, the SUBWAY® Group and the FAF Group for marketing purposes if you elect to receiving communications.
- www.subwaycatering.com Personal Information collected on this Website includes, but is not limited to, name, address, email address, telephone number, birthday and credit card information. VPS shares this information by transmitting your name and contact information to the SUBWAY® restaurant for the purpose of fulfilling your catering order. VPS will also provide the SUBWAY® Group and the FAF Group with your customer contact information for marketing purposes if you elect to receiving communications.
B. Website Visitors.
- User Name and Password. In order to access the Member or non-public pages on the Websites operated by VPS, a user name and password must be created. VPS does not divulge user names or passwords to anyone internal or external to VPS. Should you need to need to change or remove yo ur user name or password, contact VPS through www.ipcoop.com or directly, as set forth in Section XIII hereof.
- Email & Mobile Updates. You may have the opportunity to elect to receive email and mobile communications from VPS. VPS will only email you or send you mobile alerts if you elect to receive them. If you elect to receive email and mobile communications, VPS will send you occasional updates about new additions to the Websites as well as special offers and promotions of which you can take advantage. If at any time you decide you would rather not receive these types of communications from VPS, you can revoke your election by clicking the unsubscribe link at the bottom of any VPS email or updating the contact preferences for your account.
- Contests and Surveys. From time to time, the Websites may feature voluntary contests or surveys, which may request Personal Information, such as your name, address, telephone number and/or e - mail address. VPS will use the information provided solely in connection with the contest or survey conducted.
If you do not wish to receive a Cookie, or if you wish to set your browser to warn you each time a Cookie is being sent, or if you wish to disable all Cookies, use the options on your internet browser to assist you.
The “Help” option on your internet browser may assist you in changing your Cookie preferences. Please note that by disabling Cookies, you may not have access to many features available on the Websites.
- Internet Protocol (IP) Address. An internet Protocol (IP) address is associated with your computer’s connection to the internet. VPS may use your IP address to help diagnose problems with VPS ’s server, to administer the Websites and to maintain contact with you as you navigate through the Websites. Your computer’s IP address also may be used to provide you with information based upon your navigation through the Websites. VPS does not link IP addresses to any Personal Information.
- Aggregate Information. To measure the visitors’ interest in, and use of, various areas of the Websites and the various programs that VPS administers, VPS will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, VPS may undertake statistical and other summary analyses of the visitors’ behaviors and characteristics. Although VPS may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.
VPS also collects aggregate information that VPS does not consider Personal Information concerning the food items purchased and the demographics of SUBWAY® restaurant customers. VPS may share this information with the Co-op Group, the SUBWAY® Group and the FAF Group to improve product marketing and advertising.
C. SUBWAY® Franchisees. VPS collects and uses Personal Information from SUBWAY® Franchisees in order to provide services to the SUBWAY® Franchisee. VPS will collect a SUBWAY® Franchisee’s Personal Information in a fair and non-intrusive manner, with such SUBWAY® Franchisee’s voluntary consent. Personal Information collected from SUBWAY® Franchisees includes, but is not limited to: name, birth date, address, telephone number, facsimile number, email address, password, and SSN/I.N. VPS will also collect a SUBWAY® Franchisee’s store name, address, bank account information for Electronic Funds Transfer, credit card information and other related information necessary for billing purposes, such as the SUBWAY® Franchisee’s mailing address for credit card validation. VPS may collect this information from the SUBWAY® Franchisees directly or VPS may receive it from IPC, the Co-op Group, SUBWAY® Group and/or FAF Group. For example, in order to implement the SUBWAY® Cash Card and Rewards Card Programs, VPS must have access to the SUBWAY® Franchisee’s Personal Information, including, but not limited to: name, address, and the bank account information provided to DAI and/or FWH to establish such SUBWAY® Franchisee’s pre-authorized account. If you are a SUBWAY® Franchisee and you do not want VPS to disclose this information, you must notify the Privacy Officer at VPS and, if such information is collected by DAI and/or FWH, you must notify the Privacy Officer at DAI and/or FWH, in writing as set forth in Section XIII hereof. Failure to provide the requested Personal Information may negatively impact a SUBWAY® Franchisee’s ability to operate as a SUBWAY® Franchisee or to participate in certain programs that may be mandatory for SUBWAY® Franchisees.
VPS also may use a SUBWAY® Franchisee’s email address to respond to incoming service and support requests from such SUBWAY® Franchisee, to collect Franchisee feedback, to conduct Franchisee satisfaction surveys, to offer promotions to such SUBWAY® Franchisee and to send other service informational mailings. A SUBWAY® Franchisee’s Personal Information also may be used to communicate with the SUBWAY® Franchisee regarding such SUBWAY® Franchisee’s account(s) with VPS. A SUBWAY® Franchisee’s Personal Information may be provided to a courier or freight forwarder in order to fulfill any order such SUBWAY® Franchisees may have requested from VPS.
D. Customers of SUBWAY® Restaurants. VPS collects and uses Personal Information from SUBWAY® Franchisees in order to provide services to the SUBWAY® Franchisee. VPS will collect a SUBWAY® Franchisee’s Personal Information in a fair and non-intrusive manner, with such SUBWAY® Franchisee’s voluntary consent. Personal Information collected from SUBWAY® Franchisees includes, but is not limited to: name, birth date, address, telephone number, facsimile number, email address, password, and SSN/I.N. VPS will also collect a SUBWAY® Franchisee’s store name, address, bank account information for Electronic Funds Transfer, credit card information and other related information necessary for billing purposes, such as the SUBWAY® Franchisee’s mailing address for credit card validation. VPS may collect this information from the SUBWAY® Franchisees directly or VPS may receive it from IPC, the Co-op Group, SUBWAY® Group and/or FAF Group. For example, in order to implement the SUBWAY® Cash Card and Rewards Card Programs, VPS must have access to the SUBWAY® Franchisee’s Personal Information, including, but not limited to: name, address, and the bank account information provided to DAI and/or FWH to establish such SUBWAY® Franchisee’s pre-authorized account. If you are a SUBWAY® Franchisee and you do not want VPS to disclose this information, you must notify the Privacy Officer at VPS and, if such information is collected by DAI and/or FWH, you must notify the Privacy Officer at DAI and/or FWH, in writing as set forth in Section XIII hereof. Failure to provide the requested Personal Information may negatively impact a SUBWAY® Franchisee’s ability to operate as a SUBWAY® Franchisee or to participate in certain programs that may be mandatory for SUBWAY® Franchisees.
E. Election to Limit VPS’ Use of Personal Information. If you do not want VPS to use or share your Personal Information for the purpose of sending you marketing or promotional materials, please contact the VPS Privacy Officer at email@example.com. If you do not want to receive any further emails from VPS you can so elect by means of the “opt-out” or unsubscribe link in the email message. Your request will be handled promptly but you may still receive marketing communications that were already in the process of being sent prior to VPS ’s receipt of your request.
IV. Storage, Disclosure and Retention of Personal Information.
A. Storage of Personal Information. VPS uses commercially reasonable efforts to ensure that Personal Information is safeguarded against loss, access, use, modification, disclosure, or misuse. All commercially reasonable steps are taken to prevent the unauthorized use or disclosure of your Personal Information. Personally identifiable information collected by VPS may be stored and processed in the United States or any other country in which VPS or its affiliates, subsidiaries or agents maintain facilities and by using the Websites, you consent to any such transfer of information outside of your country.
C. Retention of Personal Information. VPS will retain your Personal Information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. Your consent to the use of your Personal Information for such purposes(s) remains valid after termination of VPS ’s relationship with you.
D. Security. VPS endeavors to protect your Personal Information by using physical, electronic or procedural security measures appropriate to the sensitivity of the information in its control. These measures include safeguards to protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use and modification.
The Websites utilize a variety of different security measures designed to protect Personal Information by users both inside and outside of VPS, including the use of encryption mechanisms, such as Secure Socket Layers or SSLs, password protection, and other security measures to help prevent unauthorized access to your Personal Information. This helps maintain the confidentiality, privacy, and integrity of your Personal Information and any transactions or services you may request, initiate and/or perform on the Websites from loss, misuse, interception and hacking.
V. VPS Websites and Third Party Websites.
VI. Online Behavioral Advertising.
- Advertising on other Websites. VPS contracts with third-party advertising companies to advertise products and services on websites which are not operated by or on behalf of VPS. Some of these advertisements may contain Cookies placed by such advertising companies which permit the monitoring of your response to such advertisements. Any such Cookies placed by such advertising companies will not collect Personal Information. VPS limits such non-Personal Information collected by such advertising companies to the sole purpose of providing advertising services to VPS, but VPS does not control such advertising companies.
If you do not want to have your non-Personal Information used as described in this Section VI, change your Cookie settings as described in Section III.B.4 above. Please note that even if you disable Cookies, you may still receive online advertising from VPS, IPC, the Co-op Group, the SUBWAY® Group and/or the FAF Group. Disabling Cookies means that the advertisements you do receive will not be based on your likes or preferences.
VII. Children and Data Collection.
VPS adheres to the federal privacy protection standards as stated in the Children’s Online Privacy Protection Act (“COPPA”). VPS cares about the safety of children. VPS will not knowingly allow anyone under thirteen (13) years of age to provide VPS with any Personal Information. Children under thirteen (13) years of age are required to obtain the express permission of a parent or guardian before submitting any Personal Information about themselves over the internet. If a child under thirteen (13) years of age has provided VPS with Personal Information without the consent of a parent or guardian, the parent or guardian of that child should contact the Privacy Officer immediately at firstname.lastname@example.org. VPS will use commercially reasonable efforts to promptly delete such child’s information from its servers.
VIII. California Privacy Rights.
Under California law, California residents can now ask companies with whom they have an established business relationship to provide certain information about such companies’ sharing of personal information with third parties for direct marketing purposes during the past year.
VPS’s policy is to share your Personal Information for direct marketing purposes only with your informed consent. With your consent, from time to time, VPS may provide share your Personal Information with its subsidiaries and/or affiliates for purposes of marketing relevant services, products and programs to you. If you previously provided VPS with such consent but no longer want your Personal Information to be shared, please contact the VPS Privacy Officer at email@example.com and request a change in your preference and/or opt-out of communications without charge.
IX. International Data Transfers.
X. Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”).
Canada has enacted federal privacy legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), which incorporates ten (10) “Fair Information Principles” regarding your Personal Information. IPC adheres to these Fair Information Principles for Personal Information collected and/or transferred from Canada, which are as follows:
- Principle 1 - Accountability. An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the fair information principles.
- Principle 2 - Identifying Purposes. The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Principle 3 - Consent. The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
- Principle 4 - Limiting Collection. The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Principle 5 - Limiting Use, Disclosure and Retention. Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Principle 6 - Accuracy. Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- Principle 7 - Security Safeguards. Personal information shall be protected by security safeguards appropriate to the sensitivity of the Personal Information.
- Principle 8 - Openness Concerning Policies and Practices. An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Principle 9 - Individual Access to Personal Information. Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Principle 10 - Challenging Compliance. An individual shall be able to address a challenge concerning compliance with the fair information principles to the designated individual or individuals accountable for the organization’s compliance.
X. Safe Harbor Compliance.
VPS is in compliance with the U.S. Department of Commerce Safe Harbor requirements regarding the transfer of personal information from the European Economic Area and Switzerland to the United States. VPS has been Self-Certified under the Safe Harbor privacy framework as set forth by the U.S. Department of Commerce, European Commission and Switzerland regarding the collection, storage, use, transfer and other processing of personal data transferred from the European Economic Area and/or Switzerland to the U.S., in accordance with the EU Directive on Personal Data Protection. The principles of Safe Harbor compliance are:
- Notice - Individuals must be informed that their data is being collected and about how it will be used;
- Choice - Individuals must have the ability to opt-out of the collection and forward transfer of the data to third parties;
- Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles;
- Security - Reasonable efforts must be made to prevent loss of collected information;
- Data Integrity - Data must be relevant and reliable for the purpose for which it was collected;
- Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate; and
- Enforcement - There must be effective means of enforcing these principles.
Further information regarding the Safe Harbor principles and certification process can be found at www.export.gov/safeharbor.
In addition, the U.S. Department of Commerce maintains a list of all Safe Harbor compliant organizations, which can be accessed at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list.
XIII. Contact Information.
If you have any questions or complaints, or you wish to access, correct or delete your Personal Information, please contact the VPS Privacy Officer. The VPS Privacy Officer can be reached by telephone at: 1-888-445-9239; by Facsimile at: (305) 670-4465; by email at firstname.lastname@example.org; or by mail at Value Pay Services LLC, 9200 South Dadeland Boulevard, Suite 705, Miami, FL 33156, Attention: Privacy Officer. If necessary, the Privacy Officer will contact another employee to assist in completing your requested task.
If you need to contact DAI’s Privacy Officer, the DAI Privacy Officer can be reached by telephone at: (203) 877- 4281 or 1-800-888-4848; by Facsimile at: (203) 876-6690; by email at email@example.com; or by mail at Doctor’s Associates Inc., 325 Bic Drive, Milford, CT, 06461, USA.
If you need to contact FWH’s Privacy Officer, the FWH Privacy Officer can be reached by telephone at: (203) 877- 4281; by Facsimile at: (203) 783-7479; by email at firstname.lastname@example.org; or by mail at Franchise World Headquarters, LLC, 325 Bic Drive, Milford, CT, 06461, USA.
XV. Changes and or Modifications Required by the Laws of Other Jurisdictions.
Reserved for future use.
Revised December 5, 2012