Chase Paymentech Solutions, LLC ("Paymentech")is committed to maintaining the accuracy, and confidentiality, and protecting the privacy of your personal information. Paymentech has adopted the following Ten Privacy Principles which, together with applicable legislation, govern our actions as they relate to the use of our merchant's personal information. In this Privacy Policy, "you", "your", "yourself" shall refer to a merchant of Paymentech (if applicable) or to the individual (employee or owner of a Paymentech merchant) who may provide personal information to Paymentech and "us", "our" and "ourselves" shall refer to Paymentech. This Privacy Policy does not apply to information that is not personal information under applicable legislation.

By submitting personal information to Paymentech, you (i) agree that Paymentech may collect, use and disclose personal information in accordance with this Privacy Policy or otherwise with your consent or as permitted or required by law; and (ii) acknowledge and consent that Paymentech may retain service providers to perform certain services and that in the event that a service provider is located in the United States, personal information may be processed and stored in the United States and that United States governments, courts or law enforcement or regulatory agencies may be able to obtain disclosure of personal information through the laws of the United States.

Summary of the Ten Privacy Principles

Principle 1 - Accountability
Paymentech takes steps to maintain and protect personal information under its control, in accordance with applicable law. Paymentech has designated an individual or individuals that are responsible within our organization for compliance with the Ten Privacy Principles, as outlined below

Principle 2 - Identifying Purposes
This Privacy Policy outlines certain purposes for which Paymentech requires the collection, use and disclosure of your personal information. Paymentech will identify additional purposes for which personal information is collected, used or disclosed at or before the time information is collected or when consent for the use and disclosure of personal information already collected is sought for such additional purposes.

Principle 3 - Consent
Paymentech will obtain your consent to the collection, use or disclosure of your personal information, except where otherwise required or permitted by law or as outlined in this Privacy Policy.

Principle 4 - Limiting Collection
Paymentech shall limit the collection of personal information to that which is necessary for the purposes identified by Paymentech. Paymentech shall collect personal information by fair and lawful means.

Principle 5 - Limiting Use, Disclosure and Retention
Paymentech will use or disclose your personal information for the purposes for which it was collected, except with your consent or as required or permitted by law. Paymentech will retain your personal information as long as necessary for the fulfillment of those purposes, subject to reasonable legal limitation periods, statutory or regulatory retention requirements and legitimate business requirements.

Principle 6 - Accuracy
Paymentech will use reasonable efforts to maintain your personal information in as accurate, complete and up-to-date form as is necessary for the purposes for which it is to be used, in compliance with applicable legislation.

Principle 7 - Safeguarding Merchant Information
Paymentech will put in place security safeguards appropriate to the sensitivity of the personal information in order to protect your personal information from unauthorized access, improper use and accidental destruction or loss.

Principle 8 - Openness
Paymentech shall make available to you, upon request, specific information about our policies and practices that apply to the management of your personal information.

Principle 9 - Merchant Access
Upon request, Paymentech shall inform you of the existence, use and disclosure of your personal information. You may verify the accuracy and completeness of your personal information, and may request that it be amended, if appropriate, as provided by applicable legislation.

Principle 10 - Handling Merchant Complaints and Suggestions
You may direct any questions or enquiries with respect to the privacy principles outlined above or about Paymentech's privacy practices by contacting:

Paymentech Canada - Chief Privacy Officer
One Corporate Plaza
2075, Kennedy Road, Suite 200
Toronto (Ontario)
M1T 3V3
Phone: (416) 940-6395
Fax: (416) 940-6028
E-mail: privacyofficer@paymentech.com

Any questions, concerns or complaints regarding Paymentech's privacy policy and practices, should first be directed to the Paymentech Privacy office where it will be reviewed. If the concern or complaint is justified, Paymentech will correct the situation and, if applicable, will revise its policies and procedures related to that matter.

Paymentech Privacy Policy in More Detail

Personal Information - Definition
Personal Information means information about an identifiable individual, as more particularly defined in applicable privacy legislation. Personal information does not include aggregate information that cannot be associated with a specific individual, and in certain jurisdictions, it may also exclude business contact information.

Affiliates and Third Party Contractors
Paymentech may disclose personal information it has collected in accordance with this Privacy Policy with certain affiliates for the purposes set out in this Privacy Policy provided that the personal information is required for such purposes. Certain of these affiliates are located in the United States.

Paymentech may also provide some information received from our merchants to outside organizations as necessary to provide requested services. Such organizations may include the various card associations (including without limitation Visa, MasterCard and Interac).

Our contracts with such third parties and affiliates require that (i) any information that we provide to them is held strictly confidential; and (ii) any information provided to them may be used solely for the purposes of providing the services that they have been contracted with to provide.

Paymentech may transfer personal information to outside agents, mandataries or service providers that perform services on our behalf (for example mailing houses or collection agents) in which case we use similar contractual or other means to ensure that your personal information is protected and not used or disclosed for any purposes other than as directed by Paymentech.

Purposes
In addition to the terms of this Privacy Policy, contractual terms may apply to the collection, use and disclosure of your personal information. For example, Paymentech's Merchant Application and Agreement asks you to provide certain personal information and indicates that the personal information is collected, used and disclosed as described therein and in accordance with this Privacy Policy. Your execution of the Merchant Agreement constitutes your written consent to such collection, use and disclosure in accordance with its terms; among other terms, it states that personal information:

• will be used for credit investigation and that social insurance numbers, dates of birth and driver's license numbers will be used for credit matching and identity verification;
• may be exchanged with financial institutions (including those parties to the Merchant Agreement) and Associations (e.g. Visa, MasterCard, Interac) for the purpose of providing merchants with the requested products and services and for security measures in relation to the merchant account.

More generally, Paymentech collects, uses and discloses personal information as follows:

• to administer and service our business relationship with you and to provide you with requested services;
• to enforce your obligations under your agreements with Paymentech;
• to offer you additional products and service that may be of interest to you;
• to confirm your eligibility for certain preferred pricing arrangements;
• a credit investigation allows Paymentech to determine your financial status (and, if applicable, that of the owners of our merchants) by collecting financial information from credit reporting agencies or credit bureaus;
• if required, to provide the various Associations (e.g. Visa, MasterCard, Interac) with certain reporting with respect to our business;
• to investigate suspicious activities in relation to the merchant account
• in the event of the actual or potential sale, assignment, financing, insuring, securitization or other disposal of all or part of our business or assets, which may include disclosure to parties connected with such transaction in order to determine whether to proceed with such transaction, to fulfil reporting or inspection requirements, or for the use and disclosure of personal information by these parties as described in this Privacy Policy;
• in the event of a contemplated or actual fundamental restructuring of our business such as a reorganization, merger, acquisition or amalgamation;
• when required or permitted by law; and
• otherwise with your consent

Paymentech does not license, sell, rent or trade your personal information to other parties unless it is necessary to provide you with requested services and you authorize or consent to the disclosure, or when such disclosure is otherwise described in this Privacy Policy or permitted or required by law.

Consent
Paymentech typically seeks our merchant's consent to the use and disclosure of their personal information at the time that the information is obtained (i.e. the vast majority of which is obtained when the merchant completes an application to receive merchant services from Paymentech). Other information may be obtained when you change the nature of services you receive, when you call our Merchant Services Help Desk or otherwise when you have the need to contact Paymentech. Personal information may be obtained from you in person, over the phone or through e-mail, regular mail or facsimile correspondence.

Paymentech obtains your express consent in the Merchant Agreement to the collection, use and disclosure of certain sensitive information (social insurance numbers, dates of birth and driver's license numbers). Your provision of each of the social insurance number and driver's license number is optional and the information is used for credit matching and identity verification. Ultimately, it is up to you whether you want to provide any personal information to Paymentech. However, if enough personal information is withheld, Paymentech may be unable to provide services.

An individual may withdraw his or her consent at any time (subject to legal or contractual restrictions and reasonable notice) by notifying Paymentech. However, if enough personal information is withheld, Paymentech may be unable to provide services.

Faxing of information
If you phone into our Business Sales Centre, an application will be completed verbally over the phone. After completion, the application may be faxed to the fax number that you have provided to us so that the merchant can execute the application and return it to Paymentech.

Recording of calls
Paymentech may record incoming phone calls to our Business Sales Centre for quality monitoring and coaching purposes and, as necessary, to record the fact that verbal consent was obtained to use your personal information for an identified purpose (for example, obtaining a credit report from a credit reporting agency or credit bureau). Paymentech periodically records calls to our Merchant Services Help Desk for quality monitoring and coaching purposes.

Type of Information Collected
The type of information collected on our Merchant Application and Agreement includes the following:

Merchant Information
Business Name
Business Address and Contact information
Location Address and primary contact name
Type of business and nature of advertising
Ownership Structure
Credit Information
Business Activity (nature of sales)
Sales Deposit Policy
Refund Policy
Bank/Business Trade References
Financial Institution Information
Previous Merchant Statements
Company Financial Statements

Contact Persons, Owners and Officers Information
Name
Title
Percentage of Ownership
Residence Address
Home Phone
Social Insurance Number (optional)
Date of Birth
Driver's License Number (optional)

We may also ask that the principals of the merchant (or owner, as applicable) provide photo identification in order to verify their identity as well as copies of documentation that evidences their correct signature.

Accuracy of Information
Paymentech will use reasonable efforts to ensure that the personal information that it holds is accurate, complete and current and related to the identified purposes.

Retention of Information
Paymentech retains your personal information as long as necessary for the fulfillment of those purposes, subject to reasonable legal limitation periods, statutory or regulatory retention requirements and legitimate business requirements. Paymentech will use reasonable efforts to ensure that personal information which will no longer be retained by Paymentech will be disposed of or destroyed in a secure manner.

Security Measures
Paymentech may store your personal information in an electronic file or a physical file. Paymentech has implemented reasonable technological, organizational and physical security measures to protect your personal information from unauthorized access, improper use, and accidental destruction or loss. The physical file containing your personal information will be stored at Paymentech's premises, or if required, at an offsite storage facility. The electronic file containing your personal information will be stored on a secure network. Authorized employees, mandataries and agents of Paymentech who have a legitimate purpose for accessing the information and require it in the course of their duties will have access to your personal information. There is restricted access to Paymentech's offices and to the computer server room.

Paymentech employees, as a condition of their employment, are required to comply with confidentiality, merchant privacy and security obligations. Paymentech employees are also trained on the importance of privacy and maintaining the confidentiality of personal information.

From time to time, Paymentech reviews and updates its security measures in an effort to protect information in the most effective manner possible.

Access to Information
Subject to applicable legislation, Paymentech's merchants may access and verify any of their personal information by calling our Merchant Services Help Desk at 1-800-265-5158 and may request the correction of any inaccurate information. If there is any error, Paymentech will promptly amend and correct the information in its files.

Paymentech Website
1. Cookies
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to a browser from a website's computers and stored on a computer's hard drive.

Each website can send its own cookie to a browser if the browser's preferences allow it, but (to protect privacy), a browser only permits a website to access the cookies it has already sent to it, not the cookies sent to it by other sites.

A browser can be configured to accept all cookies, reject all cookies, or to provide notification when a cookie is set. (Each browser is different so check the "Help" menu of the browser to learn how to change the cookie preferences.)

If all cookies are rejected, a merchant will not be able to use Paymentech products or services that require the merchant to "sign in", and the merchant may not be able to take full advantage of all offerings. However, there may be some Paymentech products and services that do not require that cookies be accepted.

Paymentech may uses its own cookies for a number of purposes, including to:

• access merchant information when the merchant "signs in", so that customized content in online areas can be provided;
• conduct research to improve Paymentech content and services
• require the merchant to re-enter a password after a certain period of time has elapsed to protect the merchant and others against others accidentally accessing the merchant's account contents.

Please note that any third party usage of cookies is subject to their own privacy policies, not the Paymentech privacy policy.

From time to time, Paymentech reviews and updates its security measures (including its online security measures) in an effort to protect information in the most effective manner possible.

Amending this Privacy Policy
Paymentech reserves the right to amend this Privacy Policy along with any related provisions from time to time. If we materially change our privacy policies, we will take reasonable measures to notify you of these changes. If you are concerned about how your personal information is used or disclosed, you should check back at our website periodically or contact us as described above to obtain a current copy of our Privacy Policy. The latest update to this Privacy Policy was done in November 2005.