Overview
All payment applications handle a variety of customer data, or Personally Identifiable Information (PII) as this data is defined as by the privacy legislation of most jurisdictions.
This includes both Commercial information about each customer and their Payment Card data.
For stand-alone payment applications all data is entered directly into the payment application by the consumer.
For integrated applications additional customer data may be shared with the payment application by the merchant’s systems.
Transaction data, excluding the sensitive Payment Card data, is also returned to the payment application from the payment processor.
All information handled by payment applications is generally governed under your commercial terms for privacy, acceptable use and confidentiality.
However, this information is also protected in accordance with various legislative and regulatory requirements and the retention periods for certain data that are mandated under PCI regulations.
This document explains these retention policies.
Payment Card Information
Customers enter the following Payment Card data:
- Primary Account Number (PAN)
- Expiration Date
- Security Code (i.e., CVC or CVV)
This card information is required to perform a one-time payment and to store a card. Some applications may also collect the Cardholder name.
Payment Card data is never stored or retained by Datatel – this data is securely transmitted directly to your payment processor, payment gateway or token service provider.
Commercial Information
Customers may enter, or your information systems may transmit, the following customer data to the payment application:
- Identifiers (e.g., a customer account or invoice number the transaction applies to)
- Financial Information (e.g., Payment Amount, Past Due Amount, Authorization to Store card)
This customer information is securely stored and used to facilitate the transaction process, for application support, and for reporting to merchant.
Retention is generally governed by the commercial terms of the merchant’s application subscription.
Except for retention required to satisfy archival, statutory, regulatory or other legal requirements, this information is generally destroyed after 90 days in our normal course of operations, or upon termination of service by the merchant.
Regulated Retention
Under the PCI DSS (Payment Card Industry Data Security Standard) Requirement 10, all service providers are required to retain log files of the processed transaction data for a minimum period of 1 year to facilitate forensic analysis and compliance audits.
This excludes the Payment Card data, which is never retained or stored by Datatel systems.
We’re Here to Help
Call 1 800 831 6660 or
What our clients are saying about us
“Never any issues with you guys! Things just work.”
“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”
“We’re happy with the IVR Payment system and it has been working well for us. Recently we also setup your newest SMS (text) receipts and found it to work great.”
“I want to command you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”
“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”
“Great team to work with. I look forward to utilizing some additional capabilities in the future.”
“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”
“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”
“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”
