Privacy Notice

Updated: March 5, 2024

Important Information

Paymerang LLC takes privacy seriously and is committed to protecting your data. The policies set forth in this Privacy Notice are for the use of the Payment Automation and Invoice Automation services offered through our online application and email/phone-based customer support (collectively, the “Service”) which is owned and maintained by Paymerang, LLC (“Paymerang,” “we” or “us”). 

This Notice is provided to help you better understand how we collect, use, disclose, and protect all your data including but not limited to your Nonpublic Personal Information (“NPI”), Personally Identifiable Information (“PII”), and Protected Health Information (“PHI”).

By using the Service, you are accepting the practices described in this Privacy Notice. If you access or continue to use the Services, you agree with the data practices provided in this Privacy Notice.

What Information Do We Collect?

Paymerang collects different kinds of information. Some information is personally identifiable, which means information that identifies, or could be used by or on behalf of Paymerang to identify, an individual. Additionally, some information is aggregated or non-identified (“Usage Data”), which helps us to understand usage trends, consider new features, or otherwise enhance the Service. The types of information we receive or collect include:

Client and Prospective Client Information: When you register for or seek to use our Service for yourself or on behalf of your organization as a client, we receive:

Personal information, including but not limited to, the names of your employees and authorized users, addresses, phone numbers, and email addresses.
Related information, including but not limited to, the Client’s name, tax identification number, website, and bank account information.

Vendor information: In using the Service, Paymerang’s Clients will provide a list of vendors they conduct business with and want to make payments to via the Service. The vendor information we receive, includes, but is not limited to:

Vendor names, contact names, addresses, phone numbers, and email addresses. If the Vendor opts to receive electronic payments from Paymerang, we may receive additional personal information of the Vendor’s authorized users and the Vendor’s financial account information.
Certain remittance information from the Client and/or Vendor required to make the necessary payments with the Paymerang Service.

Log data: We collect certain information automatically and store it in log files, including internet protocol address, browser, operating system, and date/time stamp. We use this information to analyze usage trends, administer and maintain the Service, support audit requests, or track activity within the Service.

Usage data: We collect information about how you interact with the Service including the date and number of times you log in.

Device information: We may collect information about the device you’re using the Service on, including device type, operating system, browser, browser version, and selection of device settings.

Geo-location information: We may determine your approximate location using IP addresses received from your browser or device.

Voice Biometric information: We record phone calls between our employees, clients and vendors for quality assurance and training purposes. Participants are notified that the call is being recorded prior to any information being shared between parties. Voice recordings are deleted within 30 days of the completed quality assurance analysis.

Cookies: Paymerang uses cookies to recognize your device and provide optimal Service functionality. These session-based cookies have short expiration windows and are automatically deleted when you log-out of the Service. You can manage the use of cookies at the individual browser level. However, if you reject cookies, your ability to use some features of the Service may be limited. Paymerang does not currently recognize or respond to browser initiated Do Not Track signals.

Marketing and Sales Information (including your web browsing activity if cookies are enabled): Paymerang may collect information such as sales orders from third party lead generation resources and marketing list vendors, or from publicly available sources. We may receive information about your browsing activities on websites outside of Paymerang.com. We also receive information from marketing partners and event sponsors where we co-host events and webinars and from digital advertising partners, business partners, advertising networks, analytics providers, and search information providers.

Our use and disclosure of your data

Depending on the Service our Client may engage us to provide, Paymerang may have access to Personally Identifiable Information (“PII”), Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), Nonpublic personal information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) and payment card data (“PCD”) covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide our service obligations to our clients.

Paymerang uses your information for the following:

Providing the Service. We use the information you provide to identify and authenticate your delivery to the Service and process payments via the Service.
Contact and communication about, and use of, the Service. We use your information to respond to problems, questions, or concerns or to otherwise contact you about the Service.
Improving content and functionality of the Service. We use your information to analyze usage trends to consider new features or otherwise enhance the Service.
Any other purpose with your consent.

Additional Consideration for HIPAA: HIPAA establishes national standards for the protection of PHI in the United States. Paymerang provide services as a business associate (“BA”) and transmits, processes, or stores data that can be classified as PHI for a client that is a Covered Entity or BA under healthcare privacy regulations (“BA Agreement”).

We may use PHI for patient refund payment processing and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the HIPAA Privacy Rule.

In the event that PHI must be disclosed to a subcontractor, we will ensure that the subcontractor or third parties agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may use PHI to report violations of law to appropriate federal and state authorities.

In the event of an information security breach of PHI by Paymerang or one of our business associates, we will notify our Covered Entity client, per our BA Agreement with the Covered Entity, then provide a breach of security notification

Additional Consideration for GLBA: Under the GLBA’s definition, Paymerang is a “financial institution” and therefore required to comply with the GLBA. Provisions of the GLBA Safeguards Rule define and control how financial institutions handle and destroy an individual’s personal information. The GLBA Privacy Rule also requires financial institutions to give customers written privacy notices explaining how they use and share private financial information. Paymerang complies with the GLBA Safeguards Rule and the GLBA Privacy Rule.

Additional Consideration for CCPA: The Service by design is considered as Business to Business (B2B) where client businesses pay vendor businesses. Knowing this and using the three (3) requirements to determine the scope of obligation for CCPA affecting for-profit organizations, (i) annual gross revenue, (ii) buying or selling of consumer data, and (iii) percent of revenue from selling consumer data, we believe the Service is not affected by CCPA at this time. We will continue to monitor the organization against the three requirements and will revise this Privacy Notice at that time.

Additional Consideration for VCDPA: The Virginia Consumer Data Privacy Act (VCDPA) went into effect January 1, 2023. Paymerang is considered a “financial institution” under the GLBA definition, making Paymerang exempt from VCDPA requirements. Nonetheless, we abide by all requirements listed within the VCDPA including, listing the categories of processed data, the purpose for data processing, instructions to enable customers to opt out of personal data collection, and disclosure of data processing for sales, targeted advertising, or profiling. Paymerang does not sell your personal information.

Third-Party Service Provider Sharing: Paymerang may disclose your information to our third-party service providers for the following business purposes:

To support the information technology services provided to you;
For customer service management;
To handle check printing and processing on our behalf; and
To process payment file, issue invoices, make payments on behalf of our clients to their respective vendors.

When we disclose your personal data for a business purpose, we enter a contract that requires that all third-party processors process your NPI, PII, PHI data with the same level of protection and in a manner consistent with the uses agreed upon in this Notice.

Paymerang does not sell (as such term is defined in the California Consumer Privacy Act) your personal information to any third-party, nor have we sold personal information in the past 12 months. This policy extends to your PHI, NPI, and PII data.

Safeguards

We use appropriate safeguards to prevent the use or disclosure of PHI, NPI, PII, and PCD other than as provided for in the Service Agreement.

We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of all sensitive information/data that we create, receive, maintain, or transmit on behalf of our Client considered to be a “Covered Entity” under HIPAA regulations and all other clients we provide services on its behalf.

Data quality, access and corrections

If Paymerang collects data as a processor or service provider, Paymerang will make reasonable efforts to keep personal data accurate, complete, and up to date as is necessary to fulfill the purposes for which the information is to be used. Unless Paymerang is permitted or required by law to prohibit access, upon receipt of your written request and by providing enough information to permit us to verify your identity, Paymerang will disclose to you the personal data we collected about you.

Upon request, we will follow our internal policy and procedures necessary to correct, amend or delete any personal data that is inaccurate and notify any third-party recipients of the necessary changes. You may update any information you have given to us by contacting us at the address given below.

You have the right to request the deletion or restriction of your personal data in certain circumstances as provided by applicable law. We will not discriminate against you for the exercise of these rights. Requests to delete personal data are subject to any applicable legal and ethical reporting, any legitimate business purpose that requires retention, or document retention obligations imposed on us.

If Paymerang collects personal data as a processor or service provider, Paymerang relies on its clients to supply Paymerang with accurate, complete, and up-to-date information. Paymerang makes reasonable efforts to maintain the integrity of the data within its online Services as necessary to fulfill the stated purpose for which the information is used. If a request for personal data is submitted to Paymerang by an individual, Paymerang, in its role as a processor or service provider, will direct the individual to the client for access.

Retention

Paymerang will retain information we process on behalf of Clients and Vendors for as long as your account is active or as needed to provide the Service, whichever time period is shorter. We may further retain and use this information as necessary to comply with our legal obligations, resolve disputes, maintain accurate accounting, maintain our industry standards and certifications, financial and other operational records, and enforce of our agreements.

Privacy Notice Changes

We may make changes to this Privacy Notice at our sole discretion at any time. We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing, and sharing of your Personal Data. Your continued use of the Service after we make changes to the Privacy Notice is deemed to be acceptance of those changes.

Questions or Concerns

If you have questions or concerns about what has been provided in this Notice, please contact us by email at privacyoffice@paymerang.com, by phone at 804-603-1505, or at our mailing address below:

7401 Beaufont Springs Drive, Suite 300

Richmond, VA 23225

Name	Domain	Purpose	Expiry	Type
wordpress_sec	paymerang.com	Provides protection against hackers, store account details.	15 days	HTTP
wp-settings-54	Wordpress.com	WordPress uses these cookies to customize the website's view of admin interface and possibly also the main Website interface.	1 year	HTTP
wp-settings-time-54	Wordpress.com	WordPress uses these cookies to customize the website's view of admin interface and possibly also the main Website interface.	1 year	HTTP
wordpress_logged_in	wordpress.com	Store logged in users.	session	HTTP
wordpress_test_cookie	wordpress.com	To read if cookies can be placed.	session	HTTP
wpl_user_preference	wordpress.com	Wordpress GDPR Cookie Consent preferences.	1 year	HTTP
wpl_viewed_cookie	wordpress.com	This cookie stores information about your cookie consent state.	1 year	HTTP
_GRECAPTCHA	google.com	To provide spam protection.	session	HTTP

Name	Domain	Purpose	Expiry	Type
_an_uid	paymerang.com	Presents the user with relevant content and advertisement. The service provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.	7 days	HTTP
_uetvid	paymerang.com	Store and track visits across websites.	13 months	HTTP
__hstc	hubspot.com	To store time of visit.	6 months	HTTP
_fbp	facebook.com	To store and track visits across websites.	3 months	HTTP
_lo_uid	paymerang.com	To provide functions across pages.	13 months	HTTP
hubspotutk	hubspot.com	To store and track a visitor's identity.	6 months	HTTP
fr	facebook.com	To provide ad delivery or retargeting	3 months	HTTP
1P_JAR	google.com	To provide ad delivery or retargeting.	1 month	HTTP
NID	google.com	To provide ad delivery or retargeting, store user preferences.	6 months	HTTP

Name	Domain	Purpose	Expiry	Type
OTZ	www.paymerang.com	"OTZ" is a cookie used by Google Analytics that provides an aggregate analysis of Website visitors	1 month	HTTP
_lo_v	paymerang.com	Total number of vistor's visits.	1 year	HTTP
__lotl	paymerang.com	URL of visitor's original landing page, if any.	180 days	HTTP
wpe-auth	Wordpress.com	WordPress uses these cookies to customize the Website's view of admin interface and possibly also the main Website interface.	session	HTTP
__hssrc	hubspot.com	Store a unique session ID.	session	HTTP
_gd_visitor	paymerang.com	Collects visitor data related to user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded with the purpose of displaying targeted ads.	400 days	HTTP
ln_or	linkedin.com	Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.	1 day	HTTP
_gd_svisitor	j.6sc.co	Collects visitor data related to user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded with the purpose of displaying targeted ads.	400 days	HTTP
_gcl_au	google.com	To store and track conversions.	session	HTTP
_ga	google.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	400 days	HTTP
_gid	google.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP
UULE	google.com	Saves your preferred settings.	session	HTTP
AEC	google.com	Ensures that requests within a browsing session are made by the user, and not by other sites.	6 months	HTTP
DV	google.com	To provide ad delivery or retargeting.	1 day	HTTP

Privacy Notice

Important Information

What Information Do We Collect?

Our use and disclosure of your data

Safeguards

Data quality, access and corrections

Retention

Privacy Notice Changes

Questions or Concerns

Schedule a Live Demo

Corporate Headquarters

Satellite offices

Products

About

Industries

Resources

Support

Compliance