At Global Payments, we understand your concerns about loss of privacy. This Website Privacy Statement („Statement“) covers the collection of personal information, information security and privacy standards applicable to all users of our websites, forums and blogs („Sites“) and mobile applications („Apps“) in connection with our business activities. For purposes of this Statement, the terms „Global Payments,“ „our company,“ the pronouns „we“ and „us“ refer to Global Payments Inc. and its subsidiaries and affiliates, as the context requires. Our privacy measures vary depending on the type of services we provide and the specific requirements of the particular countries in which we operate. For some services and products where this is required, we provide additional privacy statements before collecting your personal information. Please read this statement carefully. If you have any questions, you may contact us at privacy@globalpay.com or by the method set out in the „Contact Us“ section below.

Global Payments is a provider of payment products and services to both merchants and non-merchants. These products and services include card transaction processing, check cashing, cash services, payment terminal management and support, merchant account management and money transfers. As part of our payment processing activities, we routinely collect and maintain personal information about our customers and third parties with whom our customers do business. Information about the provision, transfer and other processing of personal data that occurs as part of our payment processing activities is set out in the documentation provided to our customers at or before the time they enter into a relationship with us and is not part of this Statement, as this only applies to data we collect through our Sites. Please click on any of the links below to go to the relevant section:

• Personal data we collect
• What sources of personal data we use
• How we use the personal data we collect
• How we share the personal data we collect
• Our relationship with affiliates (including sharing and cross-border transfers)
• Login details and your responsibility
• Setting your preferences
• Your legal rights
• Anonymisation and data aggregation
• How we protect and handle your personal data
• Cookies and other tracking technologies
• External links
• Children
• Changes and updates
• Choice of law
• Arbitration proceedings
• Contact us
• Region-specific information

• identifiers such as name and contact details, which includes telephone number, email address and postal address;
• information protected from security breaches, such as your username and password that you use to log in to the Site (see „Login Information and Your Responsibilities“ below);
• business information, which includes information about your business and your preferences regarding the products and related services you are interested in (see „Preference Settings“ below);
• Internet/electronic activity, which includes information collected through cookies and other tracking technology, such as location, device identifier, usage and usage history;
• Location;
• information provided by you, for example, when you report a problem with our Site; and
• records of correspondence, that we're conducting with you.

• so that we can provide you with services;
• to contact you in relation to an enquiry you have sent us or to comply with a request, such as a request for information about our products and services;
• to improve and personalize your use of the Site;
• to improve our existing products and services and develop new ones;
• for internal record-keeping and administrative purposes;
• for control purposes related to actual consumer interaction and concurrent transactions, including but not limited to counting ad impressions for individual visitors, verifying the position and quality of ad impressions, and checking compliance with laws and other regulations;
• for purposes related to the detection of security incidents, the protection against malicious, deceptive, fraudulent or illegal activity and the prosecution of those responsible for such activity;
• for internal research purposes for technology development and presentation;
• to verify or maintain the quality or safety of our products and services and to improve, update or enhance them;
• to contact you by email and send you newsletters or other updates, communications or publications if you have subscribed to this service;
• for direct marketing purposes based on your consent, if required by law (see „Preference settings“ below);
• as necessary to set up and manage your login and use of the login facility available on the Site; and
• to ensure compliance with applicable laws and regulations, or for other purposes required or permitted by applicable laws and/or regulations.

• with affiliates of Global Payments where sharing is necessary to provide the Services or for our business (see „Our Relationship with Affiliates“ below);
• with service providers whose systems, applications, products or services help us provide our own services. For example, we share personal information with IT service providers who manage our office systems and our Site and Applications. These service providers are bound by confidentiality obligations and obligated to use any personal information we share with them or that they collect for us only for the purpose of providing the agreed service to our company;
• in the event that you have been referred to Global Payments by a partner in connection with the Services, information may be shared with that referring partner. For example, if you have been referred to Global Payments by an independent organization, we may share information with the referring partner in accordance with the terms of our business relationship with you and that partner, subject to the applicable privacy statement provided to you by either party at the time your personal information is collected;
• we may share identifiers with logistics service providers for the purpose of delivering parcels to individuals;
• We may share information about your electronic/internet activity (see „Cookies and other tracking technologies“ below) with advertising and analytics service providers to measure the impact of our advertising campaigns and to better understand how individual users use our Sites and Apps;
• with third parties to whom we are instructed to disclose specified categories of your personal data.

In addition, Global Payments may disclose information about you if Global Payments believes that such disclosure is necessary to comply with the law or in response to a lawful request and legal process, to enforce our agreements, policies and terms of use, and to protect or defend the rights, safety or property of Global Payments, our service users or any other person.

In addition, we are permitted to share personal information based on applicable legal requirements in connection with a merger, financing, acquisition, bankruptcy, liquidation, transaction or proceeding involving the sale, transfer, divestiture of all or part of another company's assets or the disclosure of information about such assets.

We will not sell your personal data to any third party unless otherwise stated in a specific communication and unless you give your consent to do so if required by law.

Because our affiliates are located in different countries around the world, your personal information may be transferred to and stored in the United States or other countries outside your country of residence, which may be governed by different data protection laws than those in your country of residence.

We take appropriate measures to ensure that such transfers of personal data are carried out in accordance with the relevant law, that they consistently protect your right to privacy and your interests, and that they are limited to countries that are known to provide an adequate level of legal protection or have alternative adequate measures in place to protect your privacy.

Based on your consent, where required by law, we may use your personal information for the purpose of providing you with direct marketing information about our products and services and those of our affiliates in various locations around the world and third parties. We conduct direct marketing by email, telephone, mail, SMS or other relevant methods. In addition, we may provide direct marketing information and allow other parties to do so if permitted by our respective contracts with our customers.

We will also take steps to ensure that any direct marketing coming from us by electronic means will allow you to easily opt-out of receiving further communications from us in accordance with applicable laws. For example, in the case of emails, we may provide you with an „unsubscribe“ link or email address to which you can send your unsubscribe request. In addition, if we need your consent to send you direct marketing in accordance with applicable laws, if you give us such consent, you will be able to change your mind at any time.

With certain exceptions, and in some cases depending on the specific processing, certain users, which includes European Union citizens and California citizens, may have certain rights in relation to their personal data. These rights are:

Subject to your consent, where required by law, we may anonymise and aggregate your personal data in a way that ensures that you are not identified or identifiable from it, so that we can use such anonymised or aggregated data, for example, for statistical analysis and administration, including trend analysis, to perform actuarial analysis, to tailor products and services to customer needs and for risk assessment and cost and fee analysis in relation to our products and services. We may share anonymized or aggregated data with our global affiliates and other third parties. This Statement does not limit Global Payments' ability to use or share any non-personal, aggregated, derived, anonymized or aggregated information.

We have implemented administrative, technical and physical security measures to protect the personal information you provide to us from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Any suspected attempt to breach our measures and processes or unauthorised act of any kind relating to our information systems is considered a potential criminal offence. Suspected attempts to access or use our systems in a manner that violates our legal requirements or security controls may be reported to the appropriate authorities.

Please be aware that communication via the internet, e.g. email, is not secure. We strive to ensure the security of all confidential information and personal data provided to us in accordance with our obligations under applicable laws and regulations. However, as any website operator, we cannot guarantee the security of any data transmitted over the Internet. At such time as we no longer need your personal information to provide the Services, it will be securely removed or anonymized in a manner that will make it impossible to re-identify you. Where we collect or store your personal data on behalf of our Customer, our possession of your personal data may be subject to the terms of our contract with that Customer.

„A “cookie„ is a text file that is stored in your browser when you visit a website. Unique device identifiers, such as an IP address or UDID number, identify the computer or other device through which a visitor accesses the Internet. Unique device identifiers are used alone and in combination with cookies and other tracking technologies to “remember" the computers or other devices used to access the Site and Apps.

The use of cookies and other tracking technologies allows us to remember various information about your visit to the site, such as country, language and other settings. Tracking technologies give us insight into who has viewed what pages, advertisements or emails sent by us, which can help us determine how often certain pages are visited and the relevance and effectiveness of our communications. They also help us manage our Sites more efficiently so that you can do your job even easier the next time you visit. Cookies and other tracking technologies allow us to do all sorts of other things, as explained below.

Cookies can be categorised by duration and source:

Duration. The Site uses both „short-term“ and „persistent“ cookies. Short-term (session) cookies are temporary - their function is terminated when you close your browser or otherwise stop „active“ browsing. Persistent cookies remember you on your next visit. Persistent cookies are not deleted when you close your browser; instead, they remain stored on your computer or other device until you delete them yourself (see „How to delete or block cookies“ below).

Source. Cookies may come from a „first party“ or a „third party“, which means that they are set either by or on behalf of TSYS or by a third party that operates other websites. Examples of third party cookies may include certain elements contained on our Site, such as videos provided by other companies that are able to set and read their own cookies. Our Site may use both first party and third party cookies.

Cookies and tracking technologies that we may use on the Site fall into the following categories:

Necessary. These cookies are essential for the functioning of the website and cannot be disabled on our systems. They are usually only set in response to actions you take, such as logging in or filling in forms. You can set your browser to block or notify you of these cookies, but blocking them may reduce the functionality of the Site.

Power. These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and how visitors move around our website. All information collected by these cookies is aggregated. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.

Functional. These cookies allow our Site to provide better functionality and personalization. They may be set by us or by external providers whose services we have added to our Site. If you do not enable these cookies, some of these services may not function properly.

Targeted cookies. These cookies may be set through our Sites by our advertising partners. They may be used by such companies to profile your interests and to serve relevant advertising on other websites. They are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will be shown less targeted advertising.

How to delete or block cookies and other tracking technologies

Where technically possible, we will enable tools on some Sites that allow you to choose your settings for cookies and other tracking technologies. You also have the option to delete or block cookies at any time by changing your browser settings. You can either click on the „Help“ link on your browser toolbar to learn how to proceed, or you can review the Interactive Advertising Bureau's Cookie Management Guide, available at www.allaboutcookies.org. If you delete or block cookies, some elements of the Site may not function properly.

Global Payments may link to other websites on the Site that are not under its control. We do not endorse the content posted on such websites or the products and services offered on such websites and make no representations or warranties of any kind regarding such content, products or services. We make no representations regarding the use of such websites. Please note that we are not responsible for the privacy practices of the operators of such websites. We encourage our users to be aware when they leave our Site and to read the privacy statements of any website that collects personal information. This Statement applies only to information that we collect. You should read any other relevant privacy and cookie statements before you access and use any other website.

Our Site is not intended for children. We do not require and do not knowingly collect any personal information about persons under the age of 18. Please do not use this Website if you are under the age of 18.

We reserve the right, in our sole discretion, to modify, update, expand, delete, or otherwise change this Statement in whole or in any part at any time. Each time we change this Statement, we will make an adjustment to the „Last Updated“ date listed at the beginning of the document. At the same time, we will take reasonable steps to ensure that you are aware of any material updates, including by direct notices of such changes or notices made through the applicable Services. If you provide us with your personal information or access and use our Site after any changes to this Statement, we will assume that you have unconditionally accepted and agreed to the changes. The most current version of the Statement will be available on the Site and the Apps and supersedes all prior versions of this Statement.

Except to the extent prohibited by law, this Declaration, including any amendments and supplements, shall be governed by the laws of the United States of America, the State of Georgia, without regard to conflict of laws or choice of law principles that would require the application of the laws of another state.

Except to the extent precluded by law, by using our Site, you unconditionally agree and covenant that (1) any claim, controversy or dispute (whether based in contract, tort or otherwise) with respect to Global Payments or its parent, subsidiaries or affiliates, or any of their respective members, officers, directors and employees (all such persons and entities collectively referred to herein as „Global Payments Entities“) arising out of or in connection with the Services or in determining the scope of this Arbitration Agreement shall be exclusively, finally and bindingly resolved by arbitration before JAMS conducted by a single arbitrator under the JAMS Rules; (2) this Arbitration Agreement is negotiated by reason of a transaction involving interstate commerce and will be governed by the Federal Arbitration Act („FAA“), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia, USA; (4) the arbitration award shall be in accordance with the terms of this Statement and any other agreements, if any, referenced herein that the applicable user has entered into in connection with the Services; (5) the arbitrator will apply the laws of the State of Georgia in accordance with the FAA and applicable statutory time limits and will respect the right to refuse to produce documents and to maintain confidentiality as required by law; (6) there will be no authority to decide claims on a class action or representative action basis, and only your individual claims or the individual claims of Global Payments entities may be arbitrated; the arbitrator shall not have the authority to consolidate or merge the claims of other similarly situated persons or parties; (7) the arbitrator shall not have the authority to impose any punitive damages on you or any Global Payments entity; (8) in the event that the administrative fees and deposits required to be paid in order to commence an arbitration proceeding against any Global Payments entity exceed $125 and you are unable (or, under JAMS rules, required) to pay any fees or deposits in excess of such amount, Global Payments agrees to pay or cover them on your behalf, subject to the arbitrator's final decision. Further, if you are able to demonstrate that the cost of the arbitration will be excessive in comparison to the cost of litigation, Global Payments will pay such portion of your registration and court fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration fees from being excessive and thereby making arbitration impracticable; and (9) if any part of this Arbitration Provision, except as provided in paragraph (6) above, is found to be invalid, unenforceable or illegal or otherwise inconsistent with the rules of the JAMS Organization, the remainder of this Arbitration Provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or inconsistent part had never been contained herein. However, if paragraph (6) is found to be invalid, unenforceable or illegal, this arbitration provision shall become invalid as a whole and neither you nor Global Payments shall be entitled to arbitrate any dispute. For more information about JAMS and its rules, please visit its website at www.jamsadr.com.

If you have any questions about this Statement or if you wish to exercise your rights described in this Statement, you may submit your request to us by completing this forms [LM1] or contact us at:

Global Payments Inc. 3550 Lenox rd, Suite 3000 Atlanta, GA 30326 
privacy@globalpay.com 800-367-2638

So that we can comply with your request for access or deletion, we need you to provide us with sufficient information to verify your identity. For example, we may ask you for information relating to your account, which includes your contact details or other identifying information. If you appoint an authorized representative to make claims on your behalf regarding your rights, we may require convincing proof of their authority as well as verification of your identity directly by you.

Users in the regions and countries listed below should read the following paragraphs for additional information on some of the specifics of the privacy laws and regulations in those regions. In the event of a conflict between the information provided above and the following paragraphs, the following paragraphs will prevail with respect to the respective regions and countries.

Users in the European Economic Area

Your personal data may be processed in countries outside the European Economic Area („EEA“) that may not have data protection laws comparable to those in the EEA. This includes data transferred between Global Payments and its affiliates in different parts of the world or to third parties as described in the paragraphs above. The relevant Global Payments entities will take the necessary measures to ensure that your personal data collected through this website is protected in accordance with applicable data protection laws.

European Union: identification of the data controller

The relevant Global Payments subsidiary operating in your country is responsible under applicable data protection laws to the extent that it uses your personal data for its own purposes. If Global Payments Inc. or any of its subsidiaries uses your personal information for its own purposes, such as to provide you with payment processing services, that entity may also be liable under the applicable laws that apply to it. The following is a list of Global Payments' subsidiaries operating in each country of the European Union that are responsible for processing your personal information collected through our Site. You may contact our subsidiaries in the European Union if you require more information about the third parties with whom we share your personal data, as well as the legal basis for processing your data and specific information about exercising your rights as a data subject under the General Data Protection Regulation (GDPR).

(1) The Company is registered with the UK Information Commissioner's Office as a „data processor“ under the identifier Z1374314.