Verosint, Inc.(referred to in this Privacy Policy as “Verosint”, “we”, “us” or “our”), is dedicated to protecting individuals and businesses by helping them make better security and safer engagement decisions. Verosint provides risk screening and services that aggregate de-identified information about individuals and entities–including people, applications and devices—to create individual risk scores and digital signal prints, helping our clients assess the risk of transacting with individuals and entities online. While we use information such as IP address, email addresses or other identifiers to provide our services, we never resolve these to any natural person and such information remains de-identified at all times.
Operating in this space, we are keenly aware of the importance of individuals’ privacy and we value the trust placed in us in holding individuals’ personal information. This Privacy Policy (or this “Policy”) describes how we collect, use and share information, including personal information.
This Policy describes how we collect, use and share personal information in connection with:
Collectively, we refer to our Site, communications, services and operations as the “Services.”
While reviewing this Policy, here are a few important things to keep in mind:
We provide important information for residents of California in the Notices to Residents of California, US section and for residents of Europe in the Notices to Residents of Europe (including Switzerland and UK) section.
We generally collect information from the following sources: provided to us directly by individuals, collected through automated technologies or collected from a third party.
Information individuals provide to us. Personal information that we collect directly from individuals through the Services or otherwise may include:
Information we collect automatically. We may automatically log the following information about individuals, their computers or mobile devices and any activity occurring on or through the Services:
Information from third parties. We may receive personal information about individuals from other sources, such as:
For personal information that we receive from business clients, we will use and process such personal information in accordance with the specific terms of our contract(s) with each client and in accordance with this Policy. However, in cases where we process personal information on behalf of third parties and business clients and do not control such information, we may not be able to accommodate the requests and choices that are outlined in this Policy. Instead, people should directly contact the business that controls their personal information.
We may combine the personal information we obtain from other sources with the personal information that a person provides to us directly.
Social Media. We may also maintain pages or accounts on social media platforms, such as Instagram, Facebook, Twitter, LinkedIn and Slack. We collect personal information from people who interact with us through social media platforms if they choose to share personal information, such as an account name or contact information. In addition, companies that provide social media platforms may provide us with analytics and aggregated data about our presence on those platforms.
Cookies and Pixel Tags. We, our service providers and third-party partners may also use cookies and similar technologies to collect information via the Services. Cookies are small files stored directly on a computer or device that can collect the information described above. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the Services and response rates. We may also participate in online advertising networks that use cookies to collect personal information. Many advertising networks offer means to opt out of targeted advertising. More information about targeted advertising is available at https://thenai.org/, and opt-out resources are available at https://optout.networkadvertising.org/.
We use personal information for the following purposes, or as otherwise described in this Privacy Policy or at the time of collection:
Service delivery and business operations. We use personal information to:
Research and development. We may use personal information to analyze and improve the Services and our business and operations.
Marketing. We may send announcements about Verosint or other marketing communications as permitted by law.
To comply with law. We may use and share personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention and safety. We may use personal information and disclose it to law enforcement, government authorities and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the terms and conditions that govern the Services; and (iv) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With consent. In some cases, we may specifically ask for consent to collect, use or share personal information, such as when required by law.
To create anonymous data. We may create aggregated, de-identified or other anonymous data from any personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to any specific person. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
We do not share personal information with third parties without consent, except in the following circumstances or as described elsewhere in this Policy:
Affiliates. We may share personal information with our corporate parent, subsidiaries and affiliates, for purposes consistent with this Privacy Policy.
Service providers. We may share personal information with third party companies and individuals that provide services on our behalf or help us operate the Services or our business (such as IT, hosting, human resources services, email delivery, marketing, event management and database management services). Our service providers are obligated to protect the confidentiality of personal information and are only permitted to use the personal information to provide services to us.
Clients. For persons employed by or associated with one of our organizational clients, we may share personal information about the client’s employees with that client.
Professional advisors. We may disclose personal information to professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
To comply with law. We may share personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention and safety. We may share personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the terms and conditions that govern the Services; and (iv) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction (or potential business transaction) involving Verosint, such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Based on instructions. We may share a person’s personal information with other parties at the instruction or request of the person who is the subject of the personal information.
Verosint does not share personal information with our clients in the regular course of providing our fraud prevention and security tools and services, which only provide fraud risk scores, factors influencing high fraud risk scores and digital signal prints.
Review personal information and request changes. For people who have registered with the Services or have an account through the Services, they can review and change their personal information on their account profile page.
Please understand that we may not be able to alter or delete personal information if we are required under applicable law to maintain that information. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to provide access to personal information in cases where we hold and process personal information on behalf of one of our clients.
Individual rights. Some individuals may have certain rights under applicable laws, with respect to their personal information. These may include rights to access, correct or delete personal information, portability rights or rights to object or restrict to certain processing of personal information. For those who wish to exercise rights they hold under applicable law, please contact us as directed by the How to Contact Us section. We will process requests as required under applicable laws. Please note that we may take steps to verify the identity of the person who submits a request in order to protect personal information.
Please understand that not all individuals hold rights with respect to personal information and that laws granting such rights may not apply to Verosint. We are also not obligated to comply with requests that are unreasonably burdensome or expensive, or with requests that would interfere with the rights of another individual. In addition, we may not be able or obligated to accommodate the exercise of rights with respect to personal information in cases where we hold and process personal information on behalf of one of our clients.
Opt-out of marketing communications. Any person may opt out of marketing-related emails or other communications by following the opt-out or unsubscribe instructions in our emails or other communications, or by contacting us as directed by the How to Contact Us section. If a person opts out of marketing communications, they may continue to receive service-related, account-related or other non-marketing emails.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to websites or other online services. We currently do not respond to “Do Not Track” or similar signals sent to our Site or Services. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Cookies. Internet browsers may be configured to reject or disable cookies, as described in browser documentation. Please understand, however, that rejecting or disabling cookies may affect one’s experience of the Site or interfere with the ability to access areas or functions of the Site.
Online advertising. We may also participate in online advertising networks that collect personal information. Many advertising networks offer means to opt out of targeted advertising. More information about targeted advertising is available at https://thenai.org/, and opt-out resources are available at https://optout.networkadvertising.org/.
Declining to provide information. One can always decide not to provide personal information. However, we need to collect personal information to provide certain Services. If we do not collect the information requested, we may not be able to provide those Services.
The Services may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or other online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions.
The Services are not directed to children under the age of 13, and we do not knowingly collect personal information through the Services from children under the age of 13 without appropriate consent of a parent or guardian. If you believe that we may have collected personal information from a child under the age of 13 through the Services, please contact us as directed by the How to Contact Us section.
The security of personal information is important to us. We employ organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of personal information.
We maintain offices and facilities in the United States, and personal information may be transferred to the United States or other locations outside of one’s state, province or country of residence, where privacy laws may not be as protective as those in the state, province or country where the individual resides.
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will provide notice that changes have been made to this Policy by updating the “Last Updated” date at the top of this Privacy Policy and posting it on the Site. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach relevant individuals, such as via email or through the Services.
Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, continued use of the Services after the posting of any modified Privacy Policy indicates understanding and acceptance of the terms of the modified Privacy Policy.
Please direct any questions or comments about this Privacy Policy or our privacy practices to [email protected]. We can also be contacted via postal mail at:
Verosint, Inc.
Box 86
Liberty Hill, TX 78642
This section applies to California residents and outlines an individual’s rights and choices with respect to Verosint’s processing of an individual’s personal data under the CCPA.
For business purposes in the last twelve months, we may have collected, used and shared personal data about individuals as described in this Policy. To learn more about the personal data we collect, including the specific pieces of personal data collected, sources of collection, our purposes for collection and the categories of service providers with whom we share personal data, please see the Personal Information We Collect, How We Use Personal Information and How We Share Personal Information sections of this Policy.
We do not sell personal data for business or commercial purposes.
The CCPA grants California consumers certain rights in connection with the personal data collected by businesses, as described below:
To exercise any of the CCPA rights above, please contact us as directed by the How to Contact Us section. We will fulfill requests within forty-five (45) days of receiving a request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state or local law, regulatory inquiries, subpoenas or Verosint’s ability to defend against legal claims.
We will verify a request using the individual’s email address. If an individual has created an account with us, we will also verify their request using the information associated with their account, including billing information. Government identification may be required. We cannot respond to an individual’s request if we cannot verify their identity and/or authority to make the request on behalf of another and confirm the personal data relates to them. Making a verifiable consumer request does not require any person to create an account with us.
If an individual wishes to use an authorized agent to submit a request to opt-out on their behalf, they must provide the authorized agent written permission signed by them, the consumer. We may deny a request from an authorized agent if the agent cannot provide to Verosint the individual’s signed permission demonstrating that the agent has been authorized to act on their behalf.
This section applies to individuals located in the EEA, the UK or in Switzerland and outlines additional information about a person’s rights and choices regarding Verosint’s processing of their personal data under the GDPR or equivalent laws in Switzerland and UK.
We collect and process personal data about a person only where we have a legal basis for doing so under applicable data protection laws. Our legal bases include processing personal data as follows:
A person has certain rights related to the personal data we hold about them in our capacity as “controller.” Some of these rights may be subject to limitations and qualifications including when: (i) fulfilling an individual’s request would adversely affect other individuals, company trade secrets or intellectual property; (ii) there are overriding public interest reasons; or (iii) we are required by law to retain an individual’s personal data.
If an individual would like to exercise the rights set forth above, please contact us as directed by the How to Contact Us section. Before we respond to requests for personal data, we will require that an individual verify their identity or the identity of any data subject for whom they are requesting personal data. Our verification methods may include requesting that the individual log into their account, confirm their contact information or email address and/or provide documents for identity verification, depending on the nature of their relationship with us.
We will fulfill an individual’s request within thirty (30) days of receipt unless an exception applies. If an individual has concerns unresolved by Verosint, they may also address any grievance directly with the relevant Supervisory Authority or the ICO for UK-based individuals.
Verosint, Inc. (Box #86, Liberty Hill, TX 78642, USA) is the controller for personal data collected in connection with the use of the Services in the EEA, the UK and Switzerland. Our Data Protection Officer can be contacted as directed by the How to Contact Us section.
For EU personal data protection, Verosint has nominated a GDPR Representative Lionheart Squared who may be contacted at:
EU GDPR Article 27 Representative
Lionheart Squared (Europe) Ltd (FAO 443id)
2 Pembroke House
Upper Pembroke Street 28-32
Dublin, D02 EK84
Republic of Ireland
[email protected]
UK GDPR Article 27 Representative
Lionheart Squared Limited, (FAO 443id)
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire, SP6 1QX UK
[email protected]
We are committed to complying with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EEA, UK and Switzerland to the United States pursuant to Privacy Shield. We have certified that we adhere to the Privacy Shield Principles with respect to such personal data. If there is any conflict between this Policy and the data subject rights under the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit here.
We are aware that, on July 16, 2020, the European Court of Justice invalidated the EU-US Privacy Shield as a means of ensuring adequate protection for personal data transferred to the US. We are also aware that the Swiss Data Protection Authority and Information Commissioner invalidated the Swiss-US Privacy Shield in September 2020. In reflection of these rulings, where we transfer personal data originating in the EEA, UK and/or Switzerland to the US, transfers are made under the Standard Contractual Clauses approved by the European Commission.
By continuing our commitment to the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks, we remain subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC). Furthermore, pursuant to the Privacy Shield principles, we still acknowledge the right of individuals located in the EEA, UK and/or Switzerland to access, inspect, update or correct their personal data. Individuals located in the EEA, UK and/or Switzerland may exercise their rights by contacting us as directed by the How to Contact Us section.
Under the Privacy Shield, we may be liable for the onward transfer of personal data to third parties as described under the [Personal information we collect] section. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. We may be required to release personal data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.
In compliance with the Privacy Shield principles, we commit to resolving complaints about an individual’s privacy and our collection or use of an individual’s personal data transferred to the US pursuant to Privacy Shield. Individuals located in the EEA, UK and/or Switzerland with Privacy Shield inquiries or complaints may exercise their rights by contacting us as directed by the How to Contact Us section.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If an individual does not receive timely acknowledgment of their complaint, or if your complaint is not satisfactorily addressed, please visit here for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 here.