Last Update: 19th March 2014
ThreatMetrix has established this Privacy Policy consisting of ten principles, to protect and manage your (the customer’s) personal information. ThreatMetrix will occasionally update this Privacy Policy. When it does, ThreatMetrix will also revise the “last update” date at the top of this Privacy Policy.

1. Accountability

ThreatMetrix collects, at time of your registration and your sign-on to use its software or services, certain “personal” and “organizational” information (information that personally identifies you) such as your name, email address, optionally provided contact details, and your computer hardware and software (e.g. IP address, operating system, browser type, domain name, URL, access times, and referring web site addresses).
ThreatMetrix has implemented this Privacy Policy to protect personal information received from its customers, and to respond to any inquiries and complaints.
ThreatMetrix has designated responsibility for your personal information to its Privacy Officer, who ensures compliance with the principles in this Privacy Policy. Other ThreatMetrix individuals may be delegated to act on behalf of the Privacy Officer.

2. Purposes for Collecting Personal Information

ThreatMetrix collects and uses personal information for the following Identified Purposes:

  • to understand customer needs regarding ThreatMetrix ’s services;
  • to develop and provide products and services for its customers;
  • to communicate with customers, and to inform customers of upgrades, products and services available from ThreatMetrix and its affiliates;
  • to allow customers to access limited-entry areas of ThreatMetrix ’s site;
  • to personalize some of our services and products for you;
  • (where a product has been purchased) to bill accounts and maintain payment records;
  • to satisfy any applicable law, regulation, legal process or government request;
  • to respond to a legitimate claim that you are violating the rights of any third party;
  • to protect the services, products or rights of ThreatMetrix ; and
  • to identify and resolve technical problems concerning ThreatMetrix ’s products and services.
  • to identify and test the new features added to our suite of products and services.

ThreatMetrix also uses personal information in an aggregate form (i.e. not individually attributable to you) for its business analysis, operational, marketing and other promotional purposes.
If we hire other companies to provide some products or services on our behalf, then we will only provide those companies the personal information they need for the Identified Purposes.

3. Consent for Collection, Use or Disclosure

Registration for ThreatMetrix products and services by a customer will constitute the customer’s consent for ThreatMetrix to collect, use and disclose personal information under this Privacy Policy. ThreatMetrix will normally seek a customer’s consent for any new uses and disclosures of the customer’s personal information, either at the same time it collects the personal information or after it has been collected but before it is used or disclosed for a new purpose. In certain circumstances however, ThreatMetrix will not be required to inform and obtain the consent of the customer, such as investigation of a breach of an agreement, contravention of laws, an emergency where the life, health or security of an individual is threatened, or the collection of a debt.
A customer may withdraw such consent for collection, use and disclosure at any time, on prior written notice, provided that ThreatMetrix may on such withdrawal suspend or terminate its products and services.

4. Limiting the Collection of Personal Information

ThreatMetrix limits its collection of personal information to only that information which is necessary for the Identified Purposes.

5. Disclosure, Processing and Retention

ThreatMetrix does not sell, rent or disclose your personal information to anyone else except, when the Identified Purposes require ThreatMetrix to disclose the personal information to:

  • an agent of the customer;
  • agents of ThreatMetrix acting on its behalf for the Identified Purposes;
  • a public authority, to avoid or minimize danger to life or property; and
  • a third party to which disclosure is required by any law, regulation, legal process or government request.

Your information may be stored and processed in Australia, Great Britain, The Netherlands or in any other country in which ThreatMetrix or its affiliates, subsidiaries maintain facilities. By using this web site, you consent to any such transfer of information outside of your country. After your account becomes inactive, ThreatMetrix will keep your personal information only for those purposes which are established by law, and for archival record purposes for a period of time in keeping with our internal information security policies.

6. ThreatMetrix and the E.U. – U.S. Safe Harbor for Privacy

The U.S. Department of Commerce and the European Commission have developed a “safe harbor” framework of data protection principles. This safe harbor is designed to provide U.S. organizations with a means to satisfy the European Union’s legal requirement that adequate data protections be afforded to personally identifiable information transferred from the European Union to the United States. ThreatMetrix’s privacy policy is consistent with the safe harbor principles, and ThreatMetrix has specifically certified that its transfers of manual and electronic data from the European Union to the United States adhere to these safe harbor principles.

ThreatMetrix receives private information about customers, employees and business partners from sources outside of the United States including countries within the European Union. We have self-certified that our privacy practices are consistent with U.S.—E.U. safe harbor principles: notice, choice, onward transfer, access and accuracy, security, and oversight/enforcement. More information about the U.S. Department of Commerce Safe Harbor Program can be found at http://www.export.gov/safeharbor/.

In compliance with the US-EU Safe Harbor Principles, ThreatMetrix commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union citizens with inquiries or complaints regarding this privacy policy should first contact ThreatMetrix at: complaints@threatmetrix.com

ThreatMetrix has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent recourse mechanism as prescribed by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by ThreatMetrix, please visit the JAMS web site at www.jamsadr.com for more information.

7. Accuracy of Personal Information

ThreatMetrix will use reasonable efforts to keep customer personal information accurate for the Identified Purposes, and for minimizing the possibility of making inappropriate customer decisions based on such information. Customers are responsible for informing ThreatMetrix about changes to their personal information. ThreatMetrix will update personal information when necessary to keep it accurate or else provide customers the facility to make such updates.

8. Security Safeguards

ThreatMetrix will use reasonable efforts to protect personal information against loss, unauthorized access, disclosure, misuse or modification, through security safeguards that depend on the level of sensitivity of the information. Methods of protection include organizational measures (contract provisions, security clearance, limiting access to need-to-know ThreatMetrix personnel), technological measures (passwords, encryption), and physical measures (locked file storage, security card access). ThreatMetrix will control personal information disclosed to authorized third parties by entering into agreements which contain confidentiality provisions and restrictions on use and which limit the amount of information disclosed to only that which is needed for the Identified Purposes.

9. Openness of Policy

This Privacy Policy, and all updates to the Privacy Policy made from time to time, are published and made available to ThreatMetrix ’s customers on its web site www.threatmetrix.com/privacy.htm. It is the customer’s obligation to periodically check the ThreatMetrix web site for Privacy Policy updates.

10. Access to Personal Information

ThreatMetrix will afford you a reasonable opportunity to review the personal information in your file, in understandable format, either by direct access or upon request to the Privacy Officer made by you after providing sufficient identification.
If ThreatMetrix is not able to provide access to some aspect of a customer’s personal information, it will provide reasons for denying access such as; that by doing so would likely reveal personal information about a third party, or that it is confidential commercial information or attorney-client privileged communications, or that the information relates to a breach of an agreement or a contravention of law, or that its disclosure could reasonably be expected to threaten the life or security of another individual.
Customers have the right to request that inaccurate or incomplete information be amended as appropriate, and ThreatMetrix will promptly correct such personal information or provide the means for you to do so directly.

11. Challenging Compliance

ThreatMetrix wants to ensure that its Privacy Policy meets its customers’ needs. If you feel that the Privacy Policy needs improvement, or believe that ThreatMetrix is not following its Privacy Policy, please contact the Privacy Officer.
ThreatMetrix will investigate your suggestions and complaints concerning the ThreatMetrix Privacy Policy. If a complaint is found to be justified, ThreatMetrix will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures.