logo image
About Us

Privacy and Policy

Onyx Card, LLC, and its parent and subsidiary companies (collectively, the "Company") respect your right to privacy. This Privacy Policy summarizes what personal information we may collect, how we may use this information, and other important topics relating to your privacy and data protection.

It is the Company’s policy to comply with all applicable privacy and data protection laws. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their personal information with us.

This Privacy Policy applies to the Company’s website (the “Website”), located at https://www.onyxcard.io/. It also applies to personal information we may otherwise collect: (i) through our products and services; (ii) when you interact with us by means other than the Website, for example, in person or by telephone; and (iii) from our customers, distributors, suppliers, vendors, and other business partners (collectively “Business Partners”).

The Company’s Collection, Use and Disclosure of Personal Information

To the extent required by applicable law, whenever the Company collects personal information, we will:

Personal Information the Company Collects

The Company collects the following types of personal information:

You have choices about the personal information you provide the Company. You may choose not to provide information that we request, but if you do so, we may not be able to provide you a relevant product or service or a particular feature of the Website.

How the Company Uses Your Personal Information

The Company may use your personal information to:

The Company may also use your personal information for other uses consistent with the context in which the information was collected or with your consent.

The Company may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually.

When The Company May Share Your Personal Information

The Company will not disclose your personal information except as described here:

Security of Your Personal Information

Your personal information will generally be stored in the Company’s databases or databases maintained by our service providers. The Company maintains reasonable safeguards to protect the confidentiality, security, and integrity of your personal information. Although we use security measures to help protect your personal information against unauthorized disclosure, misuse, or alteration, as is the case with all computer networks linked to the Internet, we cannot guarantee the security of information provided over the Internet and will not be responsible for breaches of security beyond our reasonable control.

Links to Third Party Internet Sites and Plugins

The Website may contain links to websites or mobile apps that are not operated by the Company and plugins from social media platforms and other third parties. Examples of social media plugins are the Facebook “Like” button and the option to “Share” the Website through your email, Facebook, Twitter, and Pinterest. We provide these links and plugins as a service and do not imply any endorsement of the activities or content of the related websites, apps, or social media platforms, nor any association with their operators. To learn about the information collected by these third-party websites, apps, and plugins, please visit their privacy policies. We encourage you to review the privacy policies for the websites, apps, and social media platforms you visit before using them or providing personal information.

Retention of Your Personal Information

How long we keep your personal information will vary and will depend on the purpose and use of the information collected. There are legal requirements that we keep some types of data for specific periods. Otherwise, we will retain it for no longer than is necessary for the purposes for which the data was collected.

Children

The Website is not intended for children under 13 years of age. The Company will not knowingly solicit or collect personal information from or about children under 13, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law.

California Residents

We are planning to go live next week. Is production environment already available? Can we get the credentials?Or the one we have currently is also suitable for production?

A. Information we collect

The information we have collected about California residents in the last 12 months is described in Personal Information the Company Collects above. That information corresponds with the following categories of personal information under the CCPA:

A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.YES
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).YES
D. Commercial InformationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
E. Biometric informationGenetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
F. Internet or other similar network activityBrowsing history, search history, information on a consumer's interaction with a website, application, or advertisement.YES
G. Geolocation dataPhysical location or movements.YES
H. Sensory dataAudio, electronic, visual, thermal, olfactory, or similar information.NO
I. Professional or employment-related informationCurrent or past job history or performance evaluations.NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
K. Inferences drawn from other Personal Information.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YES

B. Use of personal information

In the last 12 months, we have used your personal information for the business and commercial purposes described in When the Company May Share Your Personal Information above.

C. Sharing of personal information

The business and commercial purposes that we have shared your personal information in the last 12 months are described above in When the Company May Share Your Personal Information. More specific information on that sharing is as follows:

D. Your right to know

You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months. Once we verify your request, we will disclose to you:

E. Your right to obtain a copy of your personal information

You have a right to obtain a copy of the specific pieces of personal information we collected about you (also called a data portability request). Once we verify your request, we will provide you a copy of your personal information that is responsive to your request. We do not provide portability rights to B2B information.

F. Your right to delete your personal information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We do not provide deletion rights to B2B information.

G. Your right to opt-out of sale of your information

We may share information with third parties in a way that is considered a “sale” under the CCPA. Where that is the case, we will comply with California “Do Not Sell” requirements.

H. How to exercise your CCPA rights

To exercise your right to know, right to obtain a copy, or right to delete your personal information as described above, please submit your request to us by either:

Calling us at: +1 (855) 435-4595.

Contacting us at privacy@onyxcard.io

To exercise the right to opt-out of sale of your personal information, you can submit a request to us by email with the subject: Do Not Sell My Personal Information or filling out this form Do Not Sell My Personal Information

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back into personal information sales at any time by email with the subject: Opt-in to Sales of My Personal Information or by filling out this form: Opt-in to Sales of My Personal Information

I. How we verify requests and respond to requests

Before fulfilling your request, we take steps to verify you are who you say you are or that you have authority to act upon someone else's behalf. Therefore, upon receipt of your request, we will request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person's behalf.

When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a reasonable degree of certainty or high degree of certainty. This may mean that we need to match two or three pieces of information that we hold about you with information that you provide to us. In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request or that you are authorized to make the request on behalf of someone else.

In addition to providing the information we need to verify you or your authority, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request and to locate relevant information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and to understand, evaluate, and respond to your request.

We cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.

J. Who may submit requests?

Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also make request on behalf of your minor child. You may designate an authorized agent to make a request on your behalf by registering such person or entity with the California Secretary of State.

K. How often you can submit requests?

You may make a CCPA consumer request twice within a 12-month period.

L. Response timing and format

We make every attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. When you request a copy of your personal information, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity easily.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

M. Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.

N. Other California privacy rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@onyxcard.io

GDPR Privacy Rights

This GDPR Privacy Notice is a supplement to our Privacy Policy and concerns certain personal data we have collected about residents of the countries in the European Union, consisting of the European Economic Area, Switzerland, and to the extent that the United Kingdom is no longer a member of the European Union, the United Kingdom (the “EU” or the “European Union”). It explains why we have that information, how we use and handle it, and your rights to that information, all as required by the European Union’s General Data Protection Regulation (“GDPR”).

a. Data controller

The data controller of such processing is Onyx Card, LLC.

b. Additional information about data we collect about you

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

c. Lawful basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

 Where we need to perform the contract, we are about to enter into, or have entered into with you.  Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, potentially including uses such as determining the internal analytics of the products and services and for determining marketing performance to share relevant information and offers about our products with customers and potential customers.  Where we need to comply with a legal obligation.  Where we have obtained your consent. We only rely on your consent as a legal basis for processing your personal data in limited circumstances. If you have provided us consent to use your personal data, you have the right to withdraw consent at any time by contacting us.

d. Your data subject rights

You have the following rights concerning your personal data that we hold and process that you can exercise at any time:

 Right of access – you have the right to request a copy of the information that we hold about you.

 Right of rectification – you have a right to correct personal data that we hold about you that is inaccurate or incomplete.

 Right to be forgotten – in certain circumstances you can ask for the personal data we hold about you to be erased from our records.

 Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

 Right of portability – you have the right to have the personal data we hold about you transferred to another organization.

 Right to object – you have the right to object to certain types of processing such as direct marketing.

 Right to judicial review - if we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the process below.

All of the above requests will be forwarded on to other parties holding and processing your personal data where appropriate.

To exercise any of these rights, including the right to withdraw consent, or to make a complaint about how your personal data is processed, you may address a written communication to

By Mail:

Attention: Data Protection Officer

You may also exercise these rights, including the right to withdraw consent, or to make a complaint about how your personal data is processed, by sending an e-mail to: privacy@onyxcard.io to the attention of the Data Protection Officer. Please also provide a copy of your identity document or any document proving your identity.

We reserve the right to verify the truthfulness of personal data provided at any time. Onyx does not use any type of automated process for profiling purposes.

e. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

f. Transfer of Data

Your personal data will be transferred and stored at our servers located in the United States. Your consent to this privacy notice followed by your submission of such information represents your agreement to that transfer.

Your Consent

By using the Website, you signify your acceptance of this Policy and the practices described herein. If you do not agree to this Policy and such practices, please do not use the Website. Your continued use of the Website following the posting of any changes to this Policy will confirm your acceptance of such changes.

Questions About This Policy

If you have any questions about this Policy or our use of your personal information, please contact:

Onyx Card, LLC

790 Oak Lane, Suite 400

Miami Lakes, FL 33016-5888

T +1 (213) 465-8448

info@onyxcard.io

Changes To This Policy

Changes to this Policy will be posted on this site, along with information on any material changes. The Company reserves the right to update or modify this Policy at any time and without prior notice. Any modifications will apply only to the personal information we collect after the posting.

This Policy was last revised on February 18, 2022.