Privacy Notice

Effective July 7, 2020

Table of Contents

LAST UPDATED: July 1, 2020
TokenEx (“TokenEx,” “we,” “us,” or “our”) takes privacy and data protection issues seriously. Our most important asset is our relationship with our user community. We are committed to maintaining the confidentiality, integrity, and security of information about our users and their organizations.
By this Privacy Notice, We have published and made available to you our Privacy Policy (“Policy”), set forth on the following pages, to explain how we handle personally identifiable information collected from merchants, including from within the EU, Switzerland, and the United Kingdom, who are clients, register to receive services from TokenEx and submit information to TokenEx through the Internet. This Policy also describes our privacy practices regarding other consumer information that we may receive and other information that we collect on this Web site (, together with any replacement site (the “Site”).
TokenEx complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. TokenEx has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit
Please read, familiarize yourself with, and fully understand, to your satisfaction, the provisions of our Privacy Policy. By checking the opt-in box at the end of our Privacy Policy, and by thereafter submitting or making available personally identifiable information about you and your business through the Site or TokenEx’s services, you agree to the terms of our Privacy Policy and you expressly consent to the processing of personally identifiable information in accordance with this Policy. We do not share your personally identifiable information with any third party and use the information you submit solely to contact you and/or provide information about us that you either request or that we believe you may find useful in dealing with us. Your personally identifiable information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personally identifiable information may be less stringent than the laws in your country. TokenEx strives to comply with the applicable laws and regulations protecting the privacy of personally identifiable information in the jurisdictions in which TokenEx operates. Where appropriate, specific jurisdictions may require supplemental terms to this Policy in order to comply with local laws.

Thanks for taking the time to review our Notice and Policy.

Scope of this Privacy Policy
This Privacy Policy covers TokenEx’s treatment of personally identifiable information collected from any merchant or person (hereafter, a “merchant” or “you”) who uses TokenEx’s tokenization and payment gateway services, as well as our treatment of any other consumer information that we acquire in the course of our business and any other information that we collect on or through the Site. This Policy also covers TokenEx’s treatment of personally identifiable information that TokenEx’s business partners may share with TokenEx.
This Policy does not apply to the practices of companies or Web sites that TokenEx does not own or control, or to people whom TokenEx does not employ or manage; this Privacy Policy is specific to TokenEx. We encourage you to seek out and read the privacy policy of each Web site that you visit or use.
By checking the opt-in box at the end of this Privacy Policy, and by thereafter submitting or making available personally identifiable information about you and your business through the Site or TokenEx’s services, you agree that you have read and understood this Privacy Policy and you accept and consent to the privacy practices (and any uses and disclosures of information) that are described in this Privacy Policy.
Information Collection and Use
TokenEx collects personally identifiable information about you and your business when you register for a TokenEx merchant account. For example, when you register with TokenEx, we ask for your contact information (such as your name, street address, and e-mail address), as well as certain information pertaining to your business and certain billing information (such as your or your business’s bank account number or credit card number). TokenEx may also receive personally identifiable information from its resellers and other business partners.
In the course of processing a payment transaction, TokenEx typically receives information related to the transaction from the applicable merchant or financial institution. This normally includes personally identifiable information relating to the payment that the relevant consumer has separately furnished to the merchant or financial institution in requesting or initiating the transaction. As a merchant, you are solely responsible for obtaining all necessary and appropriate consent and authorization from each consumer and other person about whom you share personally identifiable information with TokenEx. Please only share with us personally identifiable information for which you have obtained appropriate consent and authorization from the applicable consumer. Any personally identifiable consumer information shared with us from the applicable merchant or financial institution is treated with the utmost care and security. TokenEx systems are certified as a Level 1 PCI Compliant, and all data retention and credit card information is fully encrypted, and data security is maintained at the PCI standards as determined by the PCI Security Standard Council. Please see more details about our security practices in the “Information Security” section below.
TokenEx uses the payment-related information that it receives as necessary and appropriate to fulfill requests to process payment transactions, to facilitate billing, and to otherwise deliver payment services. Personally identifiable information about consumers is used by TokenEx to process payment transactions and (except as provided in the next section of this Privacy Policy) for no other purpose. We may use information that we receive about you (as a merchant) and your business to send you service announcements, newsletters, and periodic notices about specials and new products. In addition, we may retain the content of, and metadata regarding, any correspondence you may have with our representatives or us, regardless of the subject matter or the mode of communication by which such correspondence is made. This information helps us to improve our products and services, as well as the Site and the content, materials, opportunities, and services that we feature or describe on the Site, and to more effectively and efficiently respond to both current and future inquiries.
We do not acquire any personally identifiable information directly from consumers on the Site. Our Web site is not directed at persons under the age of 18 and TokenEx does not collect or maintain information on our Web site from persons we actually know are under the age of 18. As with many other Web sites, the Web servers used to operate the Site may collect certain non- personal data pertaining to users of the Site and the equipment and communications method that they use to access the Internet and the Site. Without combining these data with other sources of information, they do not readily or personally identify individuals. They may reveal such things as the Internet protocol (“IP”) address assigned to an individual’s computer, specific pages that an individual accessed on the Site or immediately prior to visiting the Site, and the length of time spent in a visit to the Site. The purposes for which this information is collected and used include facilitating Site operation and system administration, the generating of aggregate, non-identifiable statistical information, monitoring and analyzing Site traffic and usage patterns, and improving the content and content delivery of the Site and the content, materials, opportunities, and services that we describe or make available on the Site.
We may also use “cookies” (small text files stored on users’ computers) to help track and customize access and use of the Site. Cookies store and retain information that helps us recognize individuals when they return to the Site following a previous visit. Most popular Internet browser packages allow one to configure the browser so as not to accept cookies. Setting your browser to reject cookies may, however, in certain instances, prevent you from taking full advantage of the Site and the materials, products, and services that we make available on the Site.
Information Sharing and Disclosure
Protecting personally identifiable information about merchants and consumers is an important part of our business. We do not sell, share, or rent client information to third parties except as described below.
TokenEx will disclose personally identifiable information about you, as a merchant, to third parties (whether other companies or individuals) when: (1) we have your consent to share the information with such third parties; (2) we need to share the information with such third parties to provide the product or service you have requested; or (3) such third parties work on behalf of TokenEx to provide a product or service to you (unless we tell you differently, these third parties do not have the right to use or disclose any personally identifiable information that we provide to them beyond what is necessary for them to perform their duties for us).
We share personally identifiable information about specific consumers with third parties (such as, for example, banks and credit card processors) to the extent necessary for TokenEx to deliver tokenization and payment processing services that are requested regarding such consumers.
We also may disclose personally identifiable information to third parties only when we believe disclosure is required or appropriate: (1) to comply with applicable laws, regulations, subpoenas, court orders, and the like; (2) to enforce or give effect to written agreements that we are party to (such as, for example, the Merchant Agreement that you, as a merchant, have executed with us); or (3) to protect the rights, property, or safety of TokenEx, its other users, or others. If TokenEx receives an order or subpoena for some or all of the personally identifiable information or determines that it is bound by law to disclose such information, TokenEx shall immediately notify you of such receipt or determination and provide to you a copy thereof. If you request, TokenEx shall cooperate with you in any lawful proceeding to prevent or limit such disclosure. These disclosures may include, for example, exchanging information with other companies and organizations for fraud protection and risk reduction purposes.
TokenEx is responsible for processing the Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. We are potentially liable if our agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Transfer of Personal Information in the Event of Sale of TokenEx or Its Assets
In the event that TokenEx is sold or transfers some of its assets to another party, your personal information could be one of the transferred assets. If your personal information is transferred, use of your personal information will remain subject to this Privacy Policy. Your personal information will be passed on to a successor in interest in the event of a liquidation or administration of TokenEx.
What Choices Do You Have?
Please take care to share only such information as is needed or that you believe appropriate. You may choose not to disclose certain personally identifiable information to TokenEx. However, in doing so, we may not be able to provide you the services that you are requesting.
Dispute Resolution
All disputes should first be brought to our attention using the Contact Information listed below. If you are still not satisfied after a good faith effort to resolve the dispute, you have the right to bring a claim before the appropriate data protection authority.
If your data is subject to protections of EU law, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Access, Corrections, Deletions
You have the right to be provided with a copy of your personal information. You have the right to require us to correct any mistakes in your personal information. In certain situations, you have the right to require us to delete your personal information.
Choises in Data Use and Sharing
  1. Right to Object
    You have the right to object: (1) at any time to your Personal Information being processed for direct marketing (including profiling); and (2) in certain limited situations, to our continued processing of your Personal Information, even for our legitimate interests.
  2. Right to Restriction of Processing
    In certain circumstances, you may have the right to require us to restrict processing of your personal information. For example, if you contest the accuracy of the data we process.
  3. Right Not to be Subjected to Automated Individual Decision-Making
    You have the right to not be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
  4. Right to Data Portability
    In certain situations, you may have the right to receive the personal information you provided to us and/or request that we transmit that data to a third party. Your data will be provided in a structured, commonly used and machine-readable format.
    For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individual rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
  • Email, call, or write to us using the contact information in the below section, AND
  • Let us have enough information to identify you (e.g., your full name, address, and customer number if you have one)
  • Let us know what right you want to exercise and the information to which your request relates
  • Depending on the nature of your request, we may require proof of your identity.
Information Security
Information security is critical to our business. We use proprietary software, firewalls, and industry-standard security technology, as well as industry-standard security practices, to protect personal and confidential information that we receive and to prevent that information from being accessed by unauthorized persons. For example, we work to protect the security of personal and confidential information submitted through the Site during transmission by using Secure Sockets Layer (“SSL”) software, which encrypts information. The information that you submit through the Site is gathered on computers and stored in a data center, protected by proprietary and industry- standard security practices. The number of employees that have physical access to our data center, and to the computer on which personal information is stored, is limited. TokenEx systems are certified as a Level 1 PCI Compliant, and all data retention and credit card information is maintained at the PCI standards as determined by the PCI Security Standards Council (
We also require that any personally identifiable information about consumers that is sent to us through or in connection with the Site be encrypted using SSL encryption.
You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Site and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer. Be sure to appropriately safeguard the login ID and password that you use to access TokenEx’s services, and be sure to sign off of your account when you are finished using it if you are using a shared computer to access the Site.
In compliance with Privacy Shield Principles, TokenEx commits to resolve complaints about our collection or use of your personal information. EU or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact TokenEx at
As part of our participation in Privacy Shield, we will first investigate and attempt to resolve through our internal processes any dispute you have with us about our adherence to the principles. If your complaint or dispute cannot be resolved internally, TokenEx further commits to refer unresolved complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the American Arbitration Association at for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
If your complaint is not resolved through the above channels, you may be able to invoke binding arbitration for complaints regarding Privacy Shield compliance in certain limited circumstances. For more information, see
Regulatory Jurisdiction
The Federal Trade Commission has jurisdiction over TokenEx’s compliance with the Privacy Shield.
Changes to this Privacy Policy
TokenEx reserves the right to modify or amend this Privacy Policy at any time and for any reason. Please note the date at the top of this document to determine the latest revision date of this Privacy Policy. Any changes to this Privacy Policy will become effective immediately when posted on the site.
Questions, Corrections, and Complaints
We hope that we or our Data Protection Officer can resolve any question or concern you have about your information. Our Data Protection Officer can be reached at:
TokenEx, Inc.
Attn: Legal Department
P.O. Box 521068
Tulsa, Oklahoma 74152-1068

The General Data Protection Regulation also gives residents of the European Union the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Our EU Representative is:

The Document Warehouse
Document Park, Castle Road, Sittingbourne, Kent, ME10 3JP
+44 (0)208 092 4555