This paragraph specifically references those situations when a supporter asks by phone and/or enables your staff input their payment information on their behalf and provide their card or bank information to your staff for input. Depending upon your policies, if you allow your staff to do this for member/supporters, your organization accepts responsibility for management and security of the PII/PCI data provided to your staff for input/entry. So if that information is emailed to your staff or your staff takes the information over the phone and notes it on a piece of paper and or your member/supporters note it on an envelope for your organization to enter on their behalf – your organization is responsible for security for all PII and PCI information that you receive directly and/or retain for any period. Upon submission of PII/PCI data online to Vision2, the data submitted is Vision2’s security and privacy responsibility in regard to processing transactions and maintaining related donor information.

Did this answer your question?