Last updated: April 29, 2021
- We may collect information, which includes Personal Information, in various ways. “Personal Information” means any information that relates to an identified or identifiable individual, such as name, address, telephone number, or email address. We indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so, at the time of the collection of your Personal Information. If you do not provide the Personal Information necessary to provide you with our products and services, you will not be able to benefit from them.
Information Collected via Automated Means
When you use our Services, some information is automatically collected, such as your IP address, browser type, system type, the content and pages that you access on our Services, “referring URL” (i.e., the page from which you navigated to the Services), the pages you navigate to on the Services and other websites over time, and from which you leave the Services, the links and buttons on which you click, when you scroll, the time you spend on the Services, as well as any events sent to a behavioral tracking service, such as Google Tag Manager. We may use IP address to derive your approximate location.
We collect this information via automated means, such as standard server logs, cookies, local browser storage, ETags, clear GIFs (also known as “Web beacons”), device fingerprinting and similar technologies. We use this information to administer, operate, and improve the Services and our other services and systems, and to provide services, content and advertising that are tailored to you.
Also, please be aware that third parties may set cookies on your hard drive or use other automated means to collect information about your use of their services or content.
Information Provided by You
We collect Personal Information that our users provide to us in a variety of ways on our Services. For instance, when you register for a SIGNIFYD account, update your account information on our Services, leave a comment on our blog, or otherwise post or transmit any information or content on or to our Services, request information about any beta testing of Services that we may provide, request help and support regarding any of our Services, or otherwise communicate with us, we collect the Personal Information that is provided to us. We may collect Personal Information such as name, email address, city, state, country, other demographic information, and your interests and preferences in these manners. We also collect any information that you include in the content of messages you send to us.
Information from Other Sources
We may receive Personal Information about you from third parties, including public databases and industry-standard data vendors. In addition, we collect information from our customers, as well as their service providers and End Users, to provide the Services as described above and in our Terms of Service. We may combine this information with other Personal Information we maintain about you. We may also obtain information about you from publicly available sources.
- We use Personal Information for a number of purposes, including to:
- Provide services and information that you request, respond to comments and questions, and otherwise provide support to users;
- Enhance, improve, operate, and maintain our Services, our programs, services, website, and other systems, including to protect against and prevent fraud;
- Prevent fraudulent use of our Services;
- Tailor your user experience;
- Maintain a record of our dealings with you;
- Understand and analyze the usage trends and preferences of our users, to improve the Services, and to develop new products, services, features, and functionality;
- Contact you for administrative and information purposes—this may include providing customer service or sending communications, including changes to our terms and conditions;
- Develop and provide promotional and advertising materials that may be useful, relevant, valuable, or tailored to you, or otherwise of interest;
- Achieve business purposes, such as account verification, audits, security, compliance with applicable laws and regulations, fraud monitoring and prevention;
- Enforce our Terms of Service or as necessary to establish, exercise or defend legal rights;
- Achieve purposes for which we provide specific notice at the time of collection.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we will rely on a lawful legal ground for the processing of your Personal information, including when:
- You consented to the use of your Personal Information (e.g., for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings).
- Necessary to provide you with products and services, or to respond to your inquiries.
- The processing is required by applicable law or necessary to comply with a legal obligation.
- We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent payment fraud or to carry out data analyses. We will not engage in what is known as “automated decision-making,” which involves making decisions with legal or similarly significant effects solely based on automated processing of Personal Information, unless you explicitly consented to the processing, the processing is necessary for entering into, or to perform a contract, or when authorized by applicable law.
- When providing our Services, we may disclose Personal Information about you to our business customers (e.g., e-commerce merchants), such as whether a payment transaction is legitimate or potentially fraudulent, to help them prevent fraud in the context of online payments.
We also may disclose Personal Information to third-party service providers that assist us in our work (including, but not limited to, data enrichment, analytics, payment processing and data storage and processing facilities).
Additionally, we may disclose Personal Information to third parties if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others.
In addition, information about our users, including Personal Information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which Personal Information could be transferred to third parties as one of our business assets.
- Promotional Emails
If you receive promotional emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving promotional emails from us by sending us an email or by writing to us at the address given at the end of this policy.
Additionally, as part of the user account functionality on our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.
Please be aware that if you opt-out of receiving promotional email from us, it may take up to ten business days for us to process your opt-out request, and you may receive promotional email from us during that period. Additionally, even after you opt-out from receiving promotional messages from us, you will continue to receive administrative messages from us regarding our Services.
Cookies and Similar Technologies
We work with third party advertising partners to show you personalized ads about our products on other websites and platforms. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can also access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
Signifyd does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who use or visit our Services.
Access and Deletion
As part of the user account functionality on our Services, you may have the ability to access and update many categories of Personal Information that you provide to us by logging into your account and accessing your account settings. If you wish to access, amend or request deletion of any Personal Information that you have provided to us, you may contact us at firstname.lastname@example.org call us at (866) 220-1415 or submit this request at http://www.signifyd.com/dsar.
If you request that we delete your user account on any of our Services (via a user settings page, by email, or otherwise), we will do so within a reasonable period of time, but we may need to retain some of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal. Those rights may be limited in some circumstances by local law requirements. You may exercise your rights by contacting us as specified below.
- Children’s safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information from a child under the age of 13 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such Personal Information on our Services, please notify us at email@example.com.
- Our Services are hosted in the United States and are intended generally for United States users. However, individuals located outside of the United States may also benefit from our Services. We may transfer your Personal Information to countries other than the country where you are located, including to the United States where we are headquartered. While the Privacy Shield Framework has been declared to be insufficient for the protection of data transfers for transfers of Personal Information from the European Economic Area, the United Kingdom, or Switzerland to the United States, Signifyd still complies with the requirements as prescribed by the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Please see Clause 8 for further details. In addition, to supplement the Privacy Shield and comply with recent rulings, Signifyd also relies on the European Commission’s Standard Contractual Clauses for transfers of Personal Information from the European Economic Area, the United Kingdom, or Switzerland, while awaiting further legal guidance from international regulators. Signifyd may also transfer your Personal Information to countries which provide an adequate level of protection under EU law. This must also be balanced with the requirement for Signifyd to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. You may contact us at firstname.lastname@example.org to obtain further information on the safeguards we use to transfer Personal Information outside of the EEA, the United Kingdom, or Switzerland.
- We use reasonable security measures that are designed to protect Personal Information in our control from loss, misuse, unauthorized access, use, disclosure, alteration, or accidental, unlawful or unauthorized destruction. Please note, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Personal Information or other information or that it will not be accessed, viewed, or acquired by unauthorized persons.
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
- We may occasionally update this policy. When we do, we will also revise the “last updated” date at the beginning of the policy. Your continued use of our Services after such changes will mean that you accept the revised policy. We encourage you to periodically review this policy to stay informed about how we collect, use, and disclose Personal Information.
Attn: Signifyd Privacy Issues
2540 North First Street, Suite 300
San Jose, CA 95131
Tel: (866) 220-1415
Please note, the role and department responsible for compliance with the obligations under this Notice is:
Associate General Counsel/Data Protection Officer
2540 North First Street, Suite 300
San Jose, CA 95131
Tel: (866) 220-1415
You may contact our European Local Representatives as required under Art. 27 GDPR as follows:
C/ Pizarro 20 – Local
Tel: (866) 220-1415