On our website, you may choose to use certain features which are provided by other entities. These features, which include social networking buttons (which will be prominently displayed on our webpage), are operated by third parties that are not affiliated with Flywire, and they may collect information directly from you. These third parties may use your information in accordance with their own privacy policies and practices.
A. Information We Collect
We may obtain information about you in a variety of ways, such as when you voluntarily provide it to us, in our role as a processor of payment transactions, or when it is automatically sent to us by the device you use to access the Service.
Information We Collect From You
When you use the Service, you may provide us with the following types of information:
- Your Account information. To create an account you will need to provide us with your name, email address, and password. We will also ask about your relationship with the person on whose behalf you are making a payment, if different from you.
- Payment Information. When submitting a payment through our Service, we ask the payer for information such as the payer’s name, address, phone number, and government identification number. You will also need to provide information about the person for whom you are submitting a payment. For example, when submitting a payment to an educational institution, we will also ask for the student’s name, student ID, invoice number, date of birth, year of graduation, educational institution, and student email address. When submitting a payment to a healthcare organization, we will ask the payer to provide information such as the patient’s name, medical record number or patient account number, bill identification number, invoice and health care organization. As part of the payment process, or to process a refund or charge-back, we and/or our partners may need the payer’s credit card information, financial account information, such as bank account numbers, names, and routing codes.
- Referrals. To invite others to use the Service, you may submit their names, emails, and, for students, their educational institution.
- Job Application Information. If you apply for a job with us, you may provide us with employment-related information such as your C.V. or resume.
- Messages and Customer Service Requests. We collect the information you submit when you communicate with us by email, chat, or other methods. This includes customer support where you may choose to submit information regarding a problem or whether you speak to one of our representatives directly or otherwise engage with our support team. A summary of the problem you are experiencing, screen shots, documentation or information that would be helpful in resolving the issue.
- Use of the service. We collect information about you when browsing our website and taking certain actions. This information includes links you click on; the type, size and filenames of attachments you upload to the services, content using analytics techniques that hash, filter or otherwise scrub the information and we collect clickstream data about how you interact with and use features of the services.
- Device Information. We collect information about your computer, phone, tablet or other devices you use to access the services. Including browser type, IP address, device identifiers and crash data. We will also use your IP address and/or country preference to provide you with better service.
Information We Collect From Others
We may receive information from others, including:
- Financial Institutions and Service Providers. In the course of processing your payment transaction we may work with a number of institutions, who we have partnered with, to help us provide our Service including banks and non-bank financial institutions such as card processors, electronic money institutions and payment service providers. To process a payment, a financial institution or service provider may share with us information about the payer’s account such as account name, number, routing code and other identifying information.
- Designated Entities. We may be provided with your name and email address, before your create an account, from the educational institutions, healthcare providers and other entities for which we serve as a payment agent, in order to contact you to encourage you to make a payment through our Service. Furthermore, these Designated Entities, may use the Service to communicate with you and manage the receipt of payments.
Information We Collect Using Cookies and Similar Technologies
When you visit our Service or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Service through a web browser. However, if you do that, the Service may not work properly.
We work with third party partners such as analytics and advertising partners, who may collect information about your use of other websites and online services over time. To learn more about Google Analytics and the choices Google provides regarding your information, please visit http://www.google.com/policies/privacy/partners/.
Our advertising partners may collect your information in order to show you ads that may interest you. Where required under applicable law, we will request your consent to such collection and use of your information. You may opt out of receiving personalized advertisements from us and our advertising partners who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations. Links to those sites are here:
Network Advertising Initiative: http://www.networkadvertising.org/choices/.
Digital Advertising Alliance: http://www.aboutads.info/choices/.
B. How We Use the Information We Collect
We may use the information we obtain about you, as permitted by applicable law, to:
- Provide and improve the Service;
- Authentication detail when logging in
- We use information about you to verify accounts and activities, to monitor suspicious or fraudulent activities and to identify violations of policy.
- Process your payment transaction and keep you informed about the status of your payment;
- Comply with and enforce applicable legal requirements, industry standards and our policies;
- Respond to your inquiries, resolve disputes and provide support;
- We use collective learnings about how people use our services to troubleshoot and to identify trends, usage, patterns and areas of integration to better analyze, operate and improve our business and the Service (including enhancing the user experience, managing communications and functionality, and developing new products and services);
- Communicate with you for Service-related purposes, such as sending payment reminders;
- Compare information for accuracy and verify it with third parties;
- Further our business relationship with you, if we have collected your personal information in the context of an actual or potential business relationship;
- Evaluate your application for employment and contact you regarding possible employment at Flywire, if you have applied for a job;
- De-identify or aggregate data collected through the Service and use and disclose it for any purpose; and
- Fulfill other purposes to which you have consented, which would be reasonably expected by you, or which are otherwise authorised or required by law. Where required by law or where we believe it is necessary to protect or legal rights; we will use information about you in connection to legal claims, regulatory issues, audit function, merger or funding.
C. Information We Share
- To process your payment, we may share some of your information with the Designated Entity, for whom we serve as the payment agent.
- We may share your information with service providers and vendors who assist us with the delivery of our Service. In some cases, to successfully process your payment or refund, we may share bank/payment receipt documents that you have sent to us with financial institutions under contract with whom we work, to assist with the processing and/or refund of that payment. Our contracts oblige these financial institutions to only use your personal information in connection with the services they provide to us and not for their own benefit.
- Additionally, your information may be shared with other financial institutions, trade bodies, anti-fraud organizations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes.
- Flywire is a business incorporated in the United States, which also operates several international affiliates and subsidiaries. We may share personal information with these, or future, affiliates.
- If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction.
We do not rent, sell, or share personal information (as defined by California Civil Code § 1798.83) about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission.
Flywire is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Flywire complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
D. Legal basis for processing
We collect and process information about you only when we have a legal basis for doing so under applicable laws. This means we collect and use your information where:
- We need to provide you the service, provide customer support, and to protect the security of the service;
- In some instances, we may share your information if we believe that having your information is reasonably necessary to comply with any applicable laws.
E. Your Rights and Choices
You may have certain rights regarding the personal information we collect and maintain about you and how we communicate with you.
- When we request information from you on the Service, you may always choose not to provide us with that information. However, if you decline to provide us with certain information, we may not be able to provide you with the Service offered.
- If you are located in Europe or UK you may direct us not to share your personal information with third parties, except (i) with the service providers and financial institutions under contract we have retained to perform services on our behalf, (ii) in the event we are acquired or we transfer all or a portion of our business or assets, (iii) if a legal process or law requires disclosure, (iv) with other financial institutions, trade bodies, anti-fraud organisations and law enforcement agencies for the purposes of identifying and preventing fraud, money laundering, terrorist financing and other financial crimes, or (v) when we believe, in our sole discretion, that the disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
- Where your data is needed to be shared with third parties for payment, for example, payment partners, you will need to contact those third-party service providers directly to enforce your rights.
- You may ask us to stop using or processing your data where you have given us consent.
- You may contact us to withdraw your consent, but this will not affect any processing that has already taken place at the time.
F. Data Transfer
To facilitate our global operations, we transfer and store information in the U.S and allow access to that information from other countries in which Flywire operates. These countries may not have the equivalent privacy laws as those of the EU or UK. When we share information about you within and among our corporate affiliate (Flywire LTD, Flywire Romania, OnPlan Holdings, Flywire Securities, Flywire Global, Flywire Canada, Flywire Heathcare, Flywire Singapore, Flywire Pacific, Flywire G.K., Flywire Hong Kong, Pingfufei Commercial Shanghai) we make use of standard contractual data protection clauses, which have been approved by the European Commission.
EU-U.S. and Swiss-US Privacy Shield
When transferring any Personal Data from the EEA and Switzerland to the U.S., we adhere to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. Flywire has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability.
We commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
G. How We Protect Your Personal Information
Flywire maintains reasonable safeguards combining administrative, technical, and physical measures to provide protection to the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, interference, modification, disclosure or misuse.
We use data hosting service providers in the US and Ireland to host the information we collect and we use technical controls to secure that data
We use Secure Socket Layer (SSL) encryption on our website when transmitting information and use other commercially reasonable efforts to protect your information. We continue to assess new technology for protection of information and upgrade our information security systems where appropriate. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.
H. Security Practices
Flywire makes sure that our employees know and adhere to our security policies. We require periodic training on our security policies for all personnel, no matter their department. Personnel who work directly with customers receive extra training on emerging risks, such as identity theft.
All Flywire resources agree when joining the Company to a form of confidentiality/non-disclosure agreement or specific confidentiality undertaking in their agreements of employment. Flywire resources must understand and comply fully with these terms upon commencing work at Flywire, and keep information confidential that comes into their possession or control in connection with employment with Flywire. This includes internal Flywire information, as well as information relating to clients and third parties, and applies at any time during and after employment.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Flywire is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We retain your account information for as long as your account is active and as necessary to comply with our legal obligations. After such time we will either delete or anonymize your information or if it is not possible then we will securely store your information and isolate it from any further use until deletion is possible.
K. Children’s Privacy
Flywire is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please let us know.
L. Links to Other Websites
N. Questions, Comments and Complaints about Our Handling of Personal Information
If you have any questions, comments or complaints about our collection, use, storage or disclosure of personal information, please contact us as set forth below. Flywire will take any privacy complaint seriously and we will aim to resolve any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
In compliance with the Privacy Shield Principles, Flywire commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Flywire using the contact information details below
O. Contact Information
Attn: Privacy Officer
141 Tremont Street, 10th Floor
Boston, MA 02111, USA
Flywire has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit
https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.