Privacy Policy - Updated on April 7th, 2016

Heartland Payment Systems, Inc. ("Heartland," "we," "us," "our") recognizes the importance of maintaining effective privacy practices. Among other topics, this Privacy Policy explains:

  1. What type of Personal Information we collect about visitors or users of our websites, mobile applications, and online services (collectively referred to herein as the "Services");
  2. How we collect Personal Information;
  3. How we use Personal Information;
  4. Who we share Personal Information with; and
  5. How we store and protect Personal Information.

By using the Services, you accept and agree to the terms and conditions of this Privacy Policy. If you do not wish to agree to this Privacy Policy, please do not use the Services and do not provide any information about you to us.

We will routinely update this Privacy Policy to clarify our practices and to reflect new or different privacy practices, such as when we add new services, functionality or features to the Services. If we make any material changes we will notify you by email (sent to the email address specified in any account you have with us) or by posting the new Privacy Policy within the Services. You can determine when this Privacy Policy was last revised by referring to the date it was "Last Updated" above.

Glossary of Terms Used Herein

"Affiliate" means a company owned and/or controlled by Heartland.

"Business Partners" means, collectively, third parties with whom we conduct business, such as merchants, marketers or other companies.

"Cookie" means a small amount of information that a web server sends to your browser that stores information about your account, your preferences, and your use of the Services. Some cookies are temporary, whereas others may be configured to last longer. Session Cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. Persistent Cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser.

"Device Data" means information concerning a device you use to access, use, or interact with the Services, such as operating system type or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier or other device identifier, mobile phone carrier identification, and device software platform and firmware information.

"Non-Identifying Information" means information that alone cannot identify you, including data from Cookies, Pixel Tags and Web Beacons, and Device Data. Non-Identifying Information may be derived from Personal Information.

"Other Sources" means sources of information that legally provide Heartland with your information, and which are outside the scope of this Privacy Policy at the time of collection.

"Partner or School" means a school, school district, or organization of schools or school districts for which Heartland provides the Services.

"Personal Information" means information about you that specifically identifies you or, when combined with other information we have, can be used to identify you. This includes the following types of information: (1) contact information, including your name, postal addresses, email addresses, social networking website user account names, telephone numbers, or other addresses at which you are able to receive communications; (2) financial information, including information collected from you as needed to process payments and to administer your participation in the Services. We collect such information as your payment card number, expiration date, and card verification number; and (3) demographic information.

"Pixel Tags and Web Beacons" means tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed specific actions.

"Services" means the websites, mobile applications, or online services owned or operated by Heartland and its Affiliates.

"Third-Party Ad-Servers" means Vendors and other third parties that provide the technology to place ads on websites and track ad performance.

"Vendors" means, collectively, third parties that perform business operations on behalf of Heartland, such as transaction processing, billing, mailing, communications services (email, direct mail, etc.), data processing and analytics.

Index of Topics Addressed in this Privacy Policy

  1. How Heartland Collects Information
  2. How Heartland Uses Information
  3. When and Why Heartland Discloses Information
  4. Security of Personal Information
  5. Ownership of Student Records
  6. Third-Party Websites and Services
  7. Your Choices
  8. Accessing Personal Information; Retention of Data
  9. Social Networks
  10. Notice to Residents of Countries outside the United States of America
  11. California Privacy Rights
  12. Children's Privacy
  13. Contact Us

1. How Heartland Collects Information

We will collect information, including Personal Information and Non-Identifying Information, when you interact with us and the Services, such as when you:

  • access or use the Services;
  • register, subscribe, or create an account with us;
  • open or respond to our emails or communicate with us;
  • provide information to enroll or participate in programs provided on behalf of, or together with, Business Partners;
  • visit any page online that displays our ads or content

We also may collect Personal Information when you contact us via email or our online customer service options.

We may receive information from Other Sources. Heartland will use such information in accordance with applicable laws. Such information, when combined with Personal Information collected as provided in this Privacy Policy, will also be handled in accordance with this Privacy Policy. We also use Cookies, Pixel Tags and Web Beacons, local shared objects, files, tools and programs to keep records, store your preferences, and collect Non-Identifying Information, including Device Data and your interaction with the Services and our Business Partners' web sites.

We use Cookies that contain serial numbers that allow us to connect your use of the Services with other information we store about you in your profile or as related to your interactions with the Services. We use Session Cookies on a temporary basis, such as to manage your view of pages on the Services. We use Persistent Cookies for a number of purposes, such as retrieving certain information you have previously provided (for example, your user id if you asked to be remembered). Information from Cookies also tells us about the website you were visiting before you came to the Services and the website you visit after you leave the Services.

When you access these pages or open email messages, we use Pixel Tags and Web Beacons to generate a notice of that action to us, or our Vendors. These tools allow us to measure response to our communications and improve the Services.

Device Data may be collected when your device interacts with the Services and Heartland, even if you are not logged into the Services using your device. If you have questions about the security and privacy settings of your mobile device, please refer to instructions from your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

Online tracking. We currently do not process or comply with any web browser's "do not track" signal or other similar mechanism that indicates a request to disable online tracking of individual users who use the Services.

2. How Heartland Uses Information

We (or our Vendors on our behalf), use information collected as described in this Privacy Policy to:

  • Operate, maintain and improve the Services;
  • Facilitate transactions you initiate or request through the Services;
  • Answer your questions and respond to your requests;
  • Communicate and provide additional information that may be of interest to you concerning your chosen Services.
  • Send you reminders, technical notices, updates, security alerts, support and administrative messages, service bulletins, and requested information.
  • If you elect to participate, administer rewards, surveys, contests, or other promotional activities or events sponsored by us or our Business Partners;
  • Manage our everyday business needs, such as administration of our Services, analytics, fraud prevention, and enforcement of our corporate reporting obligations and Terms of Use, or to comply with applicable state and/or federal law;
  • Enhance other information we have about you directly or from Other Sources to help us better understand your chosen Services to you.

We also may use information collected as described in this Privacy Policy with your consent or as otherwise required by state and/or federal law.

3. When and Why Heartland Discloses Information

We (or our Vendors on our behalf) may share your Personal Information as required or permitted by the School to provide the Services in compliance with the federal Family Educational Rights and Privacy Act and/or other applicable state and/or federal law.

  • With Schools in which the student is or has been affiliated.
  • with any Heartland Affiliate which may only use the Personal Information for the purposes described in this Privacy Policy;
  • with our Vendors to provide services for us and who are required to protect the Personal Information as provided in this Privacy Policy;
  • with a purchaser of Heartland or any of Heartland Affiliates (or their assets);
  • to comply with legal orders and government requests, or as needed to support auditing, compliance, and corporate governance functions;
  • to combat fraud or criminal activity, and to protect our rights or those of our Affiliates, users, and Business Partners, or as part of legal proceedings affecting Heartland;
  • in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate; or
  • with your consent.
  • Upon your election to participate, with relevant Business Partners to facilitate a direct relationship with you, including in connection with any program we administer on behalf of the Business Partner;
  • Upon your election to participate, with relevant Business Partners to enable electronic communications with you as part of purchase, a sponsored reward, offer, contest, program, or other activity.
  • Upon your consent, with any third party for any reason other than to provide the Services.

Heartland and its Vendors do not engage in targeted advertising on its websites, services, or application based upon any Personal Information or upon your use of Heartland’s websites, services, or applications.

Heartland and its Vendors do not use Personal Information or any other information, regardless of the source, to amass a profile about a K-12 student except in furtherance of the applicable K-12 School purposes.

We encourage Business Partners to adopt and post privacy policies. However, their use of Personal Information which may be obtained by them from you is governed by their privacy policies and is not subject to our control.

We do not share Personal Information with Third-Party Ad-Servers; however, Third-Party Ad-Servers may automatically collect Non-Identifying Information about your visit to the Services and other websites, your device address, your Internet Service Provider and the browser you use to visit the Services. They do this by using Cookies, clear gifs and other technologies. Information collected may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visits to the Services and the other websites tracked by these third parties. This Privacy Policy does not cover the collection methods or use of the information collected by Third-Party Ad-Servers, and Heartland is not responsible for Cookies or clear gifs in third party ads. We encourage you to review the privacy policies or statements of these third party advertising companies to learn more about their use of Cookies and other technologies. If you would like more information about this practice and to know your choices about not having this information used by third party advertisers, please visit

4. Security of Personal Information

Heartland maintains reasonable administrative, technical and physical safeguards to protect the confidentiality of information transmitted online, including but not limited to encryption, firewalls and SSL (Secure Sockets Layer). Heartland has implemented policies and practices pursuant to various security rules and regulations relating to the security and safeguarding of payment cardholder data, including the Payment Card Industry Data Security Standards (PCI-DSS).

To ensure that the only individuals and entities who can access Personal Information are those that have been specifically authorized by Heartland to access Personal Information, Heartland has implemented various forms of authentication to identify the specific individual who is accessing the information. Heartland individually determines the appropriate level of security that will provide the necessary level of protection for the Personal Information it maintains. Heartland does not allow any individual or entity unauthenticated access to Personal Information at any time.

In the event of a breach, for which Heartland is responsible, of the within defined Personal Information, Heartland shall notify the School and you as required by governing state and/or federal law as to the nature of the breach and the steps Heartland has taken to minimize said breach.

Heartland is not liable for loss of passwords due to user negligence. If you believe your password has been lost or compromised, we recommend that you immediately change your password.

5. Ownership of Student Records

Student records are and continue to be the property of and under control of the School.

6. Third-Party Websites and Services

This Privacy Policy only addresses the use and disclosure of information by Heartland through your interaction with the Services. Other websites that may be accessible through links from the Services may have their own privacy statements and personal information collection, use, and disclosure practices. Our Business Partners may also have their own privacy statements. We encourage you to familiarize yourself with the privacy statements provided by these other parties prior to providing them with information or taking advantage of a sponsored offer or promotion.

7. Your Choices

In addition, you may choose to unsubscribe from promotional email messages by using the opt-out instructions at the bottom of promotional emails. Please note that even if you unsubscribe from promotional email messages, we may still need to contact you with important transactional information related to your account. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you utilize the Services.

You may manage how your browser handles Cookies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available.

You may manage how your mobile device and mobile browser share certain Device Data with Heartland, as well as how your mobile browser handles Cookies by adjusting the privacy and security settings on your mobile device. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

If you wish to opt out of receiving offers directly from our Business Partners, with whom you have elected to participate, you can follow the opt-out instructions in the emails that they send you.

8. Accessing Personal Information; Retention of Data

For some of our Services, you may access, update and delete information in your profile by logging into your account and accessing your account profile.

If you have questions or requests related to your information, please contact us as set forth in Section 13 below. While we are ready to assist you, please note that we cannot always delete records. For example, we are required to retain records relating to certain transactions involving the Services for financial reporting and compliance reasons.

We will retain your Personal Information for as long as your account is active or as needed to provide you with the Services and to maintain a record of your transactions for financial reporting purposes. We will retain and use your Personal Information only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Social Networks

The Services may be accessible through or contain connections to areas where you may be able to publicly post information, communicate with others such as discussion boards or blogs, review products and merchants, and submit media content. Prior to posting in these areas, please read our Terms of Use carefully. All the information you post may be accessible to anyone with Internet access, and any Personal Information you include in your posting may be read, collected, and used by others. For example, if you post your email address along with a public restaurant review, you may receive unsolicited messages from other parties. You should avoid publicly posting Personal Information or identifying information about third parties.

10. Notice to Residents of Countries outside the United States of America

If you live outside the United States (including in the EEA/CH), and you use the Services or provide us with Personal Information directly via the Services, your information will be handled in accordance with this Privacy Policy. By using the Services or giving us your Personal Information, you are directly transferring your Personal Information and Non-Identifiable Information to us in the United States. The United States may not have the same level of data protection as your jurisdiction. However, you agree and consent to our collection, transfer, and processing of your Personal Information and Non-Identifiable Information in accordance with this Privacy Policy. You are solely responsible for compliance with any data protection or privacy obligations in your jurisdiction when you use the Services or provide us with Personal Information. Regardless of where we transfer your information, we still protect your information in the manner described in this Privacy Policy.

11. California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of personal information that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. In particular, the law provides that companies must inform consumers about the categories of personal information that have been shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure provided by Heartland pursuant to Section 1798.83 of the California Civil Code, please contact us via the email or address stated above. Please allow 30 days for a response.

12. Children's Privacy

Heartland does not intend that any portion of the Services will be accessed or used by children under the age of thirteen, and such use is prohibited. The Services is designed and intended for adults. By using Heartland's Services, you represent that you are at least eighteen years old and understand that you must be at least eighteen years old in order to create an account and utilize the Services. We will promptly delete information associated with any account if we obtain actual knowledge that it is associated with a registered user who is not at least eighteen years old.

13. Contact Us

The Site is operated by Heartland Payment Systems, Inc.

Our postal address is
570 Devall St., Suite 202
Auburn, Alabama 36830

We can be reached via email at or you can reach us by telephone at 1-855-832-5226.

If you feel that this site is not following its stated information policy, you may contact us at the above addresses or phone number.