Privacy Policy - Updated on March 6th, 2017

Heartland Payment Systems, Inc. ("Heartland," "we," "us," "our") recognizes the importance of maintaining effective privacy practices. Among other topics, this Privacy Policy together with the Site’s Terms of Use explains:

  1. What type of Personal Information we collect about visitors or users of our websites, mobile applications, and online services linked to this Privacy Policy(collectively referred to herein as the "Services");
  2. How we collect Personal Information;
  3. How we use Personal Information;
  4. Who we share Personal Information with; and
  5. How we store and protect Personal Information.

By using the Services, you accept and agree to the terms and conditions of this Privacy Policy. If you do not wish to agree to this Privacy Policy, please do not use the Services and do not provide any information about you to us.

We will routinely update this Privacy Policy to clarify our practices and to reflect new or different privacy practices, such as when we add new services, functionality or features to the Services. Updates may be with or without notice, and we recommend you visit this page frequently to review changes. You can determine when this Privacy Policy was last revised by referring to “Last Updated” above. Any changes to this Privacy Policy will be effective upon posting on this Site.

Glossary of Terms Used

"Affiliate" means a company owned and/or controlled by Heartland.

"Business Partners" means, collectively, third parties with whom we conduct business.

"Cookie" means a small amount of information that a web server sends to your browser that stores information about your account, your preferences, and your use of the Services. Some cookies are temporary, whereas others may be configured to last longer. Session Cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. Persistent Cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser.

"Device Data" means information concerning a device you use to access, use, or interact with the Services, such as operating system type or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier or other device identifier, mobile phone carrier identification, and device software platform and firmware information.

"Non-Identifying Information" means information that alone cannot identify you, including data from Cookies, Pixel Tags and Web Beacons, and Device Data. Non-Identifying Information may be derived from Personal Information.

"Other Sources" means sources of information that legally provide Heartland with your information, and which are outside the scope of this Privacy Policy at the time of collection.

"Partner or School" means a school, school district, or organization of schools or school districts for which Heartland provides the Services.

"Personal Information" means information about you that specifically identifies you or, when combined with other information we have, can be used to identify you. This includes the following types of information: (1) contact information, including your name, postal addresses, email addresses, telephone numbers, or other addresses at which you are able to receive communications; (2) financial information, including information collected from you as needed to process payments and to administer your participation in the Services. We collect such information as your payment card number, expiration date, and card verification number; and (3) demographic information related to billing. For certain school districts, you as the parent of a student may also provide the student’s (1) first and last names, (2) student identification number and (3) school attending.

"Pixel Tags and Web Beacons" means tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed specific actions.

"Services" means the payment terminals, websites, mobile applications, or online services owned or operated by Heartland and its Affiliates linked to this Privacy Policy.

"Vendors" means, collectively, third parties that perform business operations on behalf of Heartland, such as transaction processing, billing, mailing, communications services (email, direct mail, etc.), data processing and analytics.

Index of Topics Addressed in this Privacy Policy

  1. How Heartland Collects Information
  2. How Heartland Uses Information
  3. When and Why Heartland Discloses Information
  4. Security of Personal Information
  5. Data Anonymization and Aggregation
  6. Third-Party Websites and Services
  7. Your Choices
  8. Accessing Personal Information; Retention of Data
  9. Social Networks
  10. Notice to Residents of Countries outside the United States of America
  11. California Privacy Rights
  12. Children's Privacy
  13. Contact Us

1. How Heartland Collects Information

We will collect information, including Personal Information and Non-Identifying Information, when you interact with us and the Services, such as when you:

  • access or use the Services;
  • register, subscribe, or create an account with us;
  • open or respond to our emails or communicate with us;
  • provide information to enroll or participate in programs provided on behalf of, or together with, Schools or Business Partners; and
  • visit any page online that displays our ads or content.

We also may collect Personal Information when you contact us via email or our online customer service options.

We may receive information from Other Sources. Heartland will use such information in accordance with applicable laws. Such information, when combined with Personal Information collected as provided in this Privacy Policy, will also be handled in accordance with this Privacy Policy. We also use Cookies, Pixel Tags and Web Beacons, local shared objects, files, tools and programs to keep records, store your preferences, and collect Non-Identifying Information, including Device Data and your interaction with the Services and our Business Partners' web sites.

We use Cookies that contain serial numbers that allow us to connect your use of the Services with other information we store about you in your profile or as related to your interactions with the Services. We use Session Cookies on a temporary basis, such as to manage your view of pages on the Services. We use Persistent Cookies for a number of purposes, such as retrieving certain information you have previously provided (for example, your user id if you asked to be remembered). Information from Cookies also tells us about the website you were visiting before you came to the Services and the website you visit after you leave the Services.

When you access these pages or open email messages, we use Pixel Tags and Web Beacons to generate a notice of that action to us, or our Vendors. These tools allow us to measure response to our communications and improve the Services.

Device Data may be collected when your device interacts with the Services and Heartland, even if you are not logged into the Services using your device. If you have questions about the security and privacy settings of your mobile device, please refer to instructions from your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

Because we do not track our Site’s users over time and across third-party sites, we do not respond to browser do not track signals at this time.

2. How Heartland Uses Information

We (or our Vendors on our behalf), use information collected as described in this Privacy Policy to:

  • Operate, maintain and improve the Services;
  • Facilitate transactions you initiate or request through the Services;
  • Answer your questions and respond to your requests;
  • Communicate and provide additional information that may be of interest to you concerning your chosen Services. Send you reminders, technical notices, updates, security alerts, support and administrative messages, service bulletins, and requested information.
  • If you elect to participate, administer rewards, surveys, contests, or other promotional activities or events sponsored by us or our Business Partners;
  • Manage our everyday business needs, such as administration of our Services, analytics, fraud prevention, and enforcement of our corporate reporting obligations and Terms of Use, or to comply with applicable state and/or federal law;
  • Enhance other information we have about you directly or from Other Sources to help us better provide your chosen Services to you.

We also may use information collected as described in this Privacy Policy with your consent or as otherwise required by state and/or federal law.

3. When and Why Heartland Discloses Information

We (or our Vendors on our behalf) may share your Personal Information as required or permitted by the School to provide the Services in compliance with the federal Family Educational Rights and Privacy Act and/or other applicable state and/or federal law. We may share your Personal Information:

  • With Schools in which the student is or has been affiliated.
  • with any Heartland Affiliate which may only use the Personal Information for the purposes described in this Privacy Policy;
  • with our Vendors to provide services for us and who are required to protect the Personal Information as provided in this Privacy Policy;
  • with a purchaser of Heartland or any of Heartland Affiliates (or their assets);
  • to comply with legal orders and government requests, or as needed to support auditing, compliance, and corporate governance functions;
  • to combat fraud or criminal activity, and to protect our rights or those of our Affiliates, users, and Business Partners, or as part of legal proceedings affecting Heartland;
  • in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate;
  • Upon your consent or election to participate, with any third party for any reason.

4. Security of Personal Information

Heartland maintains reasonable administrative, technical and physical safeguards to protect the confidentiality of information transmitted online, including but not limited to encryption, firewalls and SSL (Secure Sockets Layer). Heartland has implemented policies and practices pursuant to various security rules and regulations relating to the security and safeguarding of payment cardholder data, including the Payment Card Industry Data Security Standards (PCI-DSS).

To ensure that the only individuals and entities who can access Personal Information are those that have been specifically authorized by Heartland to access Personal Information, Heartland has implemented various forms of authentication to identify the specific individual who is accessing the information. Heartland individually determines the appropriate level of security that will provide the necessary level of protection for the Personal Information it maintains. Heartland does not allow any individual or entity unauthenticated access to Personal Information at any time.

Heartland is not liable for loss resulting from the loss of passwords due to user negligence. If you believe your password has been lost or compromised, we recommend that you immediately change your password.

5. Data Anonymization and Aggregation

Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessment and analysis of costs and charges in relation to our products and services. We may share anonymized or aggregated data with our affiliates and with other third parties. This policy does not restrict our use or sharing of any non-personal, summarized, derived, anonymized or aggregated information (i.e., volumes, totals, averages, etc.).

6. Third-Party Websites and Services

This Privacy Policy only addresses the use and disclosure of information by Heartland through your interaction with the Services. Other websites that may be accessible through links from the Services may have their own privacy statements and personal information collection, use, and disclosure practices. Our Business Partners may also have their own privacy statements. We encourage you to familiarize yourself with the privacy statements provided by these other parties prior to providing them with information.

7. Your Choices

In addition, you may choose to unsubscribe from promotional email messages by using the unsubscribe instructions at the bottom of promotional emails. Please note that even if you unsubscribe from promotional email messages, we may still need to contact you with important transactional information related to your account. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you utilize the Services.

You may manage how your browser handles Cookies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available.

You may manage how your mobile device and mobile browser share certain Device Data with Heartland, as well as how your mobile browser handles Cookies by adjusting the privacy and security settings on your mobile device. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

If you wish to stop receiving offers directly from our Business Partners, with whom you have elected to participate, you can follow the unsubscribe instructions in the emails that they send you.

8. Accessing Personal Information; Retention of Data

For some of our Services, you may access, update and delete information in your profile by logging into your account and accessing your account profile.

If you have questions or requests related to your information, please contact us as set forth in Section 13 below. While we are ready to assist you, please note that we cannot always delete records. For example, we are required to retain records relating to certain transactions involving the Services for financial reporting and compliance reasons. We will retain your Personal Information for as long as your account is active or as needed to provide you with the Services and to maintain a record of your transactions for financial reporting purposes. We will retain and use your Personal Information only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Social Networks

The Services may be accessible through or contain connections to areas where you may be able to publicly post information, communicate with others such as discussion boards or blogs, review products and merchants, and submit media content. Prior to posting in these areas, please read our Terms of Use carefully. All the information you post may be accessible to anyone with Internet access, and any Personal Information you include in your posting may be read, collected, and used by others. For example, if you post your email address along with a public restaurant review, you may receive unsolicited messages from other parties. You should avoid publicly posting Personal Information or identifying information about third parties.

10. Notice to Residents of Countries outside the United States of America

If you live outside the United States (including in the EEA/CH), and you use the Services or provide us with Personal Information directly via the Services, your information will be handled in accordance with this Privacy Policy. By using the Services or giving us your Personal Information, you are directly transferring your Personal Information and Non-Identifiable Information to us in the United States. The United States may not have the same level of data protection as your jurisdiction. However, you agree and consent to our collection, transfer, and processing of your Personal Information and Non-Identifiable Information in accordance with this Privacy Policy. You are solely responsible for compliance with any data protection or privacy obligations in your jurisdiction when you use the Services or provide us with Personal Information. Regardless of where we transfer your information, we still protect your information in the manner described in this Privacy Policy.

11. California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of personal information that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the preceding calendar year. In particular, the law provides that companies must inform consumers about the categories of personal information that have been shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure provided by Heartland pursuant to Section 1798.83 of the California Civil Code, please contact us via the email or address stated above. Please allow 30 days for a response.

Heartland complies with California Assembly Bill No. 1584 and California Senate Bill No. 1177.

12. Children's Privacy

Heartland does not intend that any portion of the Services will be accessed or used by children under the age of thirteen, and such use is prohibited. The Services is designed and intended for adults. By using Heartland's Services, you represent that you are at least eighteen years old and understand that you must be at least eighteen years old in order to create an account and utilize the Services. We will promptly delete information associated with any account if we obtain actual knowledge that it is associated with a registered user who is not at least eighteen years old.

13. Contact Us

The Site is operated by Heartland Payment Systems, Inc.

Our postal address is
570 Devall St., Suite 202
Auburn, Alabama 36830

We can be reached via email at or you can reach us by telephone at 1-855-832-5226.

If you feel that this site is not following its stated information policy, you may contact us at the above addresses or phone number.