top of page

Hopdoc Privacy Policy

Privacy Policy Effective:

1. OUR COMMITMENT TO PRIVACY Hopdoc, LLC (“Hopdoc” “we” “our”) is the owner and operator of this and other websites within our family of companies (collectively “Website”). The products and services we offer represent tech-enabled payments solutions for a wide variety of industries. We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly,with a particular person or device (“personal information” or “PI”). We are committed to protecting any PI collected while providing those services. You have the right to know the PI that is being collected, to know if it is being sold or shared, and to whom, to object to the sale of PI, to access your PI, and to equal service and price, even for consumers who exercise their privacy rights. This Privacy Policy applies to all visitors to this website and anyone else who accesses or uses our products and services. WHEN YOU ACCESS THE WEBSITE, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, OR TO ANY CHANGES WE MAY SUBSEQUENTLY MAKE, IMMEDIATELY STOP ACCESSING THE WEBSITE.

2. OUR FAMILY OF COMPANIES You may find a complete list of our family of companies and our websites here.

3.THE PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT

How we collect and store information depends on the products and services you use. You can use some of the Website without providing any information other than that automatically collected as described below:

  • Log data: Our servers automatically record information when you access the Website, the type of browser you are using and its settings, the third party website you visited immediately prior to accessing the Website, the operating system you are using, the domain name of your internet service provider, the search terms you use on the Website, the specific pages of the Website you visit, and the duration of your visits.

  • Cookie data: Like many websites, we use “Cookies” to obtain certain types of information when your web browser accesses the Website. "Cookies" are small text files that we transfer to your computer's hard drive or your web browser memory to enable our systems to recognize your browser and to provide convenience and other features to you, such as recognizing you as a frequent user of the Website. We may use “session cookies” (cookies that last until you close your browser) or “persistent cookies” (cookies that last until you or your browser delete them). Examples of the information we collect and analyze from cookies include your activity on the Website, including the URL you come from and go to next (whether this URL is on our site or not).

    If the Website contains link through to third party websites, those processes may involve the placement of third party cookies on your machine or device. Please be aware that we do not control these third party websites or any of the content contained on those websites, including the third-party cookies used for these purposes. The inclusion of links to third party websites in no way constitutes an endorsement by us of such websites’ content, actions, or policies.

If you are concerned about the storage and use of cookies, you may be able to direct your internet browser to notify you and seek approval whenever a cookie is being sent to your web browser or hard drive. You may also delete a cookie manually from your hard drive through your internet browser or other programs. Please note, however, that some parts of the Website may not function properly or be available to you if you refuse to accept a cookie or choose to disable the acceptance of cookies.

• Experience data: We collect other PI that is voluntarily provided by you from time to time if you respond to surveys, polls or questionnaires, and/or website registration forms. Such PI may include personal preferences, opinions and experiences with our products and services, and may be provided anonymously.

In addition to the PI automatically collected, we may also collect PI about you: when you complete and submit registration forms, applications or other forms; from third parties, consumer-reporting agencies, fraud monitoring providers, commercial databases or know your customer providers (KYC); and transactions with us or our affiliates. This PI may include name, address, web address, IP address, URL, email address, phone number, payment transaction information, financial and credit card information, date of birth, government identifiers associated with you and your organization (such as your social security number, tax number, or Employer Identification Number), merchant or other customer identification.

The information we have collected in the last 12 months, and may collect in the future, whether automatically, from you, or from third parties, fall into the following categories: personal identifiers, personal information listed in the California Customer Records Statute (Cal. Civ. Code 1798.80(e), protected classification characteristics such as race, commercial information, biometric information, internet or other similar network activity, geolocation data, sensory data, professional or employment related data, non-public education information, and inferences drawn from other personal information. As discussed below, you may have the right to request information on the specific categories we collect about you.

*Please note – we may collect information that is deemed to be educational information, such as student name and education records, when you use our education services. This PI may also be protected by other state and/or federal laws, including the Family Education Rights and Privacy Act, as detailed in the terms and conditions governing your use of those services.

4. USE OF PERSONALLY IDENTIFIABLE INFORMATION We use the PI we collect in a variety of ways that are appropriate, based on legitimate interests or as authorized by applicable law, which may include:

  • Analyzing website traffic, which allows us to improve the design and content of the Website

  • Legal, regulatory or law enforcement purposes, including compliance with local and national laws (including card brand rules and requests from law enforcement and regulatory authorities); enforcing our legal rights and satisfying our legal obligations including, without limitation, any reporting or disclosure obligations under applicable law or regulations or subpoena, court order or other judicial or administrative process, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others; conducting our own due diligence checks, preventing, detecting and prosecuting fraud or crime or to assist others in doing so; assisting in investigation by third-party vendors, financial organizations or third parties of suspected criminal activity; assessing financial and insurance risks; notifying you about important changes or developments to the Website or our services, recovering debt or in relation to your insolvency, including tracing your whereabouts; identifying and monitoring for fraud; maintaining internal recordkeeping and reporting; preparing and furnishing compilations and analyses as well as other reports of aggregated and anonymized PI; checking your personal or business credit status/profile and identity; and recording and tracking details of your transactions or your customer’s transactions

  • Evaluating credit risk, including conducting our own due diligence checks; checking your personal or business credit status/profile and identity; recording and tracking details of your transactions or your customer’s transactions; maintain internal recordkeeping and reporting; identifying and monitoring for fraud; assessing financial and insurance risks; mitigating PI security, sector or credit risk; and commercial purposes, such as trend analysis and the use of data analytics to obtain learnings and insight around cardholder transaction patterns and usage

  • Fraud monitoring, including monitoring merchant or other customer transactions in an effort to detect and prevent fraud; maintaining internal recordkeeping and reporting; preparing and furnishing compilations and analyses as well as other reports of aggregated and anonymized PI; and providing or developing more innovative and effective fraud monitoring services for our merchants or other customers

  • Maintaining Security, including conducting our own due diligence checks; administering the Website and services for internal operations, including troubleshooting; keeping the Website and services safe and secure; maintaining internal recordkeeping and reporting; identifying and monitoring for fraud; and mitigating PI security, sector or credit risk

  • Marketing, including marketing or market research; performing analysis and comparisons; maintaining internal recordkeeping and reporting; improving and developing our business; providing PI about the Website and services you requested, purchased or which may be of interest to you; providing or developing more innovative and effective services for our partners, merchants or other customers; communicating with you; creating promotional materials, social media site integration and interaction; notifying you about important changes or developments to the Website and services; improving the Website and services, and ensuring content is presented in effective way; allowing you to participate in interactive features of the Website

  • Product development, including providing or developing the Website and services to be more innovative, user friendly and effective; maintaining internal recordkeeping and reporting; preparing and furnishing compilations and analyses as well as other reports of aggregated and anonymized PI

  • Customer Service/Account Management, including enabling you to contact us; providing training; authorizing and establishing commercial user and merchant accounts; maintain internal recordkeeping and reporting; enabling you to upload and/or store PI; obtaining your views on the Website and services; allowing you to participate in interactive features of the Website; responding to any inquires by you; providing the Website and services to you and your business; subscribing you to our services; registering your use of services where applicable, processing your application for services; and notifying you about important changes or developments to the Website or services

  • Operations, including IT, security and analytics services

  • Risk Management, including fraud mitigation and management, authentication and acceptance

  • Transaction Processing, including compliance monitoring, card brand operations, disputes/chargebacks, capturing payments, settlement, gateway services, pre-paid card processing and program management and authorization

5. HOW AND WHEN WE SHARE PERSONALLY IDENTIFIABLE INFORMATION We only share your PI with third parties, as outlined below:

  • Legal or regulatory purposes, including when required or permitted to do so by law or regulations, including for tax purposes or to comply with financial services regulations; in the course of litigation; when following requests from governmental or public authorities; and when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others

  • Business purposes, including improving and developing our business, business partners, suppliers and sub-contractors for the performance of any contract we may enter into with them or you, transferring PI and/or assets in the event of a merger, acquisition, sale, bankruptcy filing, or other corporate restructuring (if we or substantially all of our assets are acquired by a third party, in which case PI held by it about its customers will be one of the transferred assets); and if we sell or buy any business or assets, in which case we may disclose your PI to the prospective seller or buyer of such business or assets

  • Commercial purposes, we collect information from official records, such as tax records, driving records, criminal and civil court records that are generally publicly available that may be shared with third parties.

Suppliers who assist us with the provision of its services, including fulfilling or processing application forms, processing payments; managing credit, security, sector and fraud risk, market research and survey activities

  • Email communications, including use your email address to respond to your questions or comments, and we may save your questions or comments for future reference. We may email you when you inquire about our business or our family of companies or our products and services or when you consent to being contacted by email for a particular purpose. For security reasons, we do not recommend that you send personal PI, such as passwords, social security numbers, or bank account PI, to us by email

  • Transfer of Assets, including the sale or purchase of all or substantially of our assets as we continue to develop our business, or if any bankruptcy or reorganization proceeding is brought by or against us, PI will be transferred to and used by an acquiring entity or third party.

To the extent we are deemed to “sell” your non-public personal information (as the term “sell” is defined under law, such as the California Consumer Privacy Act), you have the right to opt-out of that “sale” on a going-forward basis at any time. “Third parties” with whom we have shared PI in the last 12 months, and may share with in the future, may include, but not be limited to, service providers, governmental authorities, buyer in the event of a sale, contractors, third parties who market their products and services to the individual, subsidiaries and affiliates, and in some cases with customers (like schools and landlords).

Notwithstanding anything herein to the contrary, we reserve the right to disclose any PI about you if we are required to do so by law, with respect to copyright and other intellectual property infringement claims, or if we believe that such action is necessary to fulfill a government request; conform with the requirements of the law or legal process; protect or defend our legal rights or property, the Website, or other members of our family of companies; or in an emergency to protect the health and safety of the users of the Website or the general public

6. YOUR RIGHTS AND CHOICES. Our goal is to provide you with simple and meaningful choices about how your information is used. If you are a visitor to our Website or a customer, merchant or partner, you control your choices by your selections when you set up your account with us, for example to control the email you receive from us. Your account information will be retained in our database and maintained for future orders or transactions and as required under applicable law, rules, and/or regulations. It is your responsibility to ensure that the account information is accurate and you should update the information as necessary. We do retain information concerning transactions other than PI. For example, we retain non-personally identifiable data concerning the number, frequency, size and purpose of transactions. You have a right to inspect and review your account information, including your PI. If you request it, we will provide you with a copy of your account information.

You may request, up to twice in a 12-month period, the following information about the PI we have collected about you during the past 12 months, the categories and specific pieces of PI we have collected about you, the categories of sources from which we collected the PI, the business or commercial purpose for which we collected the PI, the categories of third parties with whom we shared the PI, the categories of PI about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose. Subject to certain limitations under applicable law, you may request that we delete the PI we have collected. To submit a request to exercise any of the rights described above, you may contact us by emailing compliance@hopdoc.com or calling 855-250-5850. We may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.

  • Cookies and Automatic Data Collection Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. If you do not want Google Analytics to be used in your browser, Google Analytics provides an op-out tool which can be found here. You can opt-out of Adobe Analytics by using Adobe’s opt-out browser add-on at http://www.adobe.com/privacy/opt-out.html. In some cases, you may be able to set your browser or email program to not download web beacons.

  • California Shine the Light Law. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not engage in this type of disclosure.

  • Nevada Residents. Nevada residents have the right to opt out of the sale of certain "covered information" collected by operators of websites or online services. We do not sell covered information, as "sale" is defined by such law, and have no plans to sell this information.

7. OUR COMMITMENT TO SECURITY We value your confidence and have implemented administrative, technological and physical security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the PI under our control. We cannot, however, guarantee or warrant the security of any PI you disclose or transmit to us online and are not responsible for the theft, destruction, or inadvertent disclosure of your PI. We recommend that you take steps to protect the privacy and security of your personal and payment PI and your activity while using the Internet. Where we have has given you (or where you have chosen) a password or access code enabling you to access certain parts of the Website, you are responsible for keeping this password and/or access code confidential. You should not share your password or access code with anyone and you should use all reasonable methods to ensure that there is no unauthorized use. You therefore authorize us to act upon instructions and PI received from any person that enters your user ID and password and you agree to be fully responsible for all use and any actions that may take place during the use of your account. You also agree to promptly notify us of any PI you have provided which has changed.

8. CHILDREN UNDER 13 We have no way of distinguishing the age of individuals who access the Website. The features, programs, promotions and other aspects of the Website requiring the submission of PI are not intended for children. We do not knowingly collect PI from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed PI to us please contact us at legal@hopdoc.com. A parent or guardian of a child under the age of 13 may review and request deletion of such child's PI as well as prohibit the use thereof, and also we carry out the same Privacy Policy.

9. HIPAA The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), is a federal law intended to maintain the privacy and security of individuals' health information. In regard to Hopdoc’ obligations, HIPAA applies to certain activities of several Hopdoc subsidiaries ("Covered Entities") as defined under the privacy, security, breach notification, and enforcement rules at 45 C.F.R. Part 160 and Part 164 ("HIPAA Rules"). The Covered Entities’ activities include interacting with health plans, health plan clearinghouses, and health care providers that transmit health information electronically in certain types of transactions.

Although Hopdoc is ultimately responsible for HIPAA oversight, compliance, and enforcement obligations, as applicable, because the HIPAA Rules may apply to only certain  Hopdoc’ subsidiaries, Hopdoc does not wish to designate the entire enterprise as a hybrid entity or affiliated covered entity. Instead, Hopdoc has entered into HIPAA business associate agreements, were required, to permit Hopdoc to access, disclose, and use HIPAA protected health information in accordance with applicable law.

  • Hopdoc Entities Subject to HIPAA. You may find a complete list of our HIPAA compliant companies subject to HIPAA here.

  • Required Safeguard. Hopdoc shall comply with the HIPAA Rules, as applicable. In particular, Hopdoc shall require that:

(a) Hopdoc entities only disclose protected health information to another component or subsidiary of Hopdoc in accordance with the HIPAA Business Associate Agreement in place between these entities and in a manner that would not be prohibited under the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E);

(b) If a person performs duties as a workforce member for both a Covered Entity and a business associate entity in the same or similar capacity, the person will not use or disclose protected health information, created or received in the course of (or incident to) the person's work for the Covered Entity, in a way that is prohibited under the HIPAA Privacy Rule (45 C.F.R. Part 164, Subpart E).

  • Employee Health Records. Through its human resources office, Hopdoc maintains employee health records in its capacity as an employer. Employee health records are expressly excluded from the definition of protected health information under the HIPAA regulations, and the Hopdoc human resources office is not a Covered Entity.

  • Recordkeeping Requirement. Covered Entities shall retain documentation of compliance with HIPAA for at least six years

  • HIPAA Privacy and Security Officer. Hopdoc has appointed Rick Barnhill as the HIPAA Privacy and Security Officer for Hopdoc’ covered entity subsidiaries. For any questions regarding compliance with the HIPAA Rules and implementing regulations concerning Covered Entities, please contact the HIPAA Privacy and Security Officer.

10. REVISIONS TO OUR PRIVACY POLICY This Privacy Policy is effective as of the date stated above. We reserve the right to revise this Privacy Policy or any part of it from time to time. We will post a new or revised Privacy Policy to the Website, and we suggest you review our Privacy Policy periodically when accessing the Website.

11. CONTACT INFORMATION You may contact us at compliance@hopdoc.com if you have questions or comments about our Privacy Policy.

bottom of page