Information Security Policy and Privacy Principles

Blackstone’s Commitment to Client Information and Cardholder Data Security.

Our company is fully committed to ensuring the utmost security and proper handling of Confidential Client Information and Cardholder Data. All employees working in our company will be required to read, agree and adhere to the Information Security Policy and Privacy Principles which have been created for the security of our customers and merchant services relationships.

We Are Committed to Protecting the Confidentiality of Consumer Information.

Blackstone’s policies limit access to personal user information that is collected for business related matters to those employees of Blackstone Merchant Services, its affiliates, and subcontractors who need the information to fulfill their business responsibilities. All vendors and other outside contractors we engage are subject to our contractual requirements to ensure that sensitive personal information is safeguarded. Employees must adhere to the Information Security Policy and Privacy Principles. Employees violating the Blackstone Information Security Policy and/or Privacy Principles are subject to disciplinary action, up to and including dismissal.

Blackstone’s Privacy Principles

As a Merchant Services Acquirer, Blackstone works behind the scenes on behalf of merchants, banks and other card issuers to ensure the efficient, accurate and secure handling of payment processing and billing. In order to provide these services, Blackstone must view, receive, maintain and use financial and other sensitive personal information. We believe that information used responsibly benefits consumers and the economy. Blackstone supports the responsible information practices of its business clients by adhering to the following privacy principles:

We collect, maintain and disclose personal information only as necessary to perform services for our business clients.

We handle personal consumer information only as necessary to carry out the services our clients have requested us to perform for them. At the direction of our clients, we may disclose personal information to third parties with whom our clients have a business relationship, such as credit bureaus, consultants and other client vendors. We may also share personal information with our own vendors, subject to obligations of confidentiality, and only to the extent necessary to support our services to our clients. With the permission of our clients, we may use aggregate data, not identifiable to any individual, to validate the accuracy and quality of fraud prevention and risk-control products used by our clients. We also will disclose consumer information in response to a lawful request issued by a court, government agency or regulatory authority with jurisdiction to make that request. Once we have completed our service to our business clients, any document, email or information containing Cardholder Data used will be destroyed using cross-cut shredders.

We assist our business clients in informing consumers about the general uses of their information.

We encourage our business clients to provide consumers with a timely and complete privacy notice. As a natural part of our processing business, we may assist our clients in preparation and mailing of privacy notices and recording and tracking consumer privacy choices. If we are contacted directly by a consumer regarding information that we maintain, we endeavor to direct the consumer to the appropriate client, so that institution can assist the customer according to its own privacy policies.

We protect the confidentiality and security of personal consumer information.

Within Blackstone, access to personal information is limited to those employees of Blackstone and its affiliates who need it to fulfill their business responsibilities. Employees must adhere to the Blackstone Privacy Principles. Violations of these Principles can result in disciplinary action, up to and including dismissal. We have obligations of strict confidentiality under our client contracts, and we handle information based on our clients’ direction and in accordance with applicable laws. Vendors and other outside contractors we engage are subject to our contractual requirements to ensure sensitive personal information is safeguarded. We employ appropriate measures to protect consumer information against unauthorized access, disclosure, alteration or destruction. These may include cross-cut shredding of any documents, physical access security and other appropriate technologies. Blackstone continually reviews and enhances its security systems, as necessary.

We hold ourselves accountable to our privacy principles.

Blackstone is committed to meeting the highest standards for our privacy program. A senior Blackstone official serves as the company’s privacy officer, with responsibility for administering the Blackstone privacy program, including implementation of these Privacy Principles. Blackstone uses information only in a manner consistent with these privacy principles. Protecting consumer privacy is a key part of our trusted relationship with our clients, as we assist businesses and consumers in conducting sensitive and wide-ranging financial activities.

Merchants are responsible for their own PCI adherence.

Much like Blackstone must adhere to all PCI security policies and guidelines, our Merchants or Clients are responsible for doing the same. Merchants must utilize PCI Compliant point of sale equipment or software in their day-to-day processing. Merchants are also responsible for being PCI Compliant in accordance with PCI DSS standards. Merchants may use Blackstone provided vendors such as Clover Security or Security Metrics to take their online questionnaire and perform scans as necessary. Proof of PCI Compliance must be provided to Blackstone on an annual basis if a different vendor is chosen for PCI.

Contact information:

Blackstone Merchant Services, Inc
2620 S.W. 27th Avenue
Miami, FL 33133-3005
Phone: (305) 639-9590