Signifyd.com Privacy Shield Policy

Last updated: August 28, 2018

Signifyd, Inc. (“Signifyd”) has subscribed to and will comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the processing of personal information that is transferred from the European Economic Area (“EEA”) or Switzerland to the United States. Signifyd has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between this policy and the Principles, the Principles will govern. To learn more about the Framework, and to view our certification, please visit www.privacyshield.gov.

This Privacy Shield Policy supplements our Privacy Policy. This Privacy Shield Policy applies to Signifyd, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personal Information Received from the European Economic Area

Signifyd may receive from the EEA or Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “personal information”) as defined in the Principles. To the extent that Signifyd receives personal information from the EEA or Switzerland in reliance on the Framework, Signifyd will handle such personal information in accordance with the Principles.

Data Integrity and Purpose Limitation

Signifyd may use the personal information it receives from the EEA or Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the personal information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the personal information. We will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the personal information collected under the Framework.

Onward Transfers

Our Privacy Policy describes the circumstances in which we may disclose your information to third parties. We remain responsible for the processing of personal information received under the Framework and subsequently transferred to a third party acting as an agent if the agent processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Security

We use reasonable and appropriate measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.

Choice

We will give you an opportunity to choose whether your personal information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where non-sensitive personal information is involved, and to opt in where sensitive personal information is involved.

Access to Personal Information

Our Privacy Policy sets forth methods by which you may access and/or submit requests to review, correct, update, suppress, or delete information from or about you. Signifyd will comply with the Principles in its handling of such requests with respect to personal information.

Recourse and Enforcement

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of personal information in accordance with the Principles.

If an issue cannot be resolved through Signifyd’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to the International Centre for Dispute Resolution (ICDR/AAA), which serves as Signifyd’s third-party alternative dispute resolution provider. To learn more about ICDR/AAA’s dispute resolution services or to refer a complaint to ICDR/AAA, click here. For claimed violations of the Principles not resolved by these mechanisms, you may be able to invoke binding arbitration as detailed in the Principles through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, click here.

Contact Information

If you have questions, concerns, or complaints about this Privacy Shield Policy or Signifyd’s privacy practices, please contact us by email at privacy@signifyd.com or write to us at the following address:

Signifyd, Inc.
Attn: Signifyd.com Privacy Issues
2590 North First Street, Suite 300
San Jose, CA 95131
privacy@signifyd.com

Privacy Shield Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Framework. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the beginning of this Policy. Any changes to this Policy will become effective when posted to our website.