Last Update: 19th March 2014
ThreatMetrix collects, at time of your registration and your sign-on to use its software or services, certain “personal” and “organizational” information (information that personally identifies you) such as your name, email address, optionally provided contact details, and your computer hardware and software (e.g. IP address, operating system, browser type, domain name, URL, access times, and referring web site addresses).
2. Purposes for Collecting Personal Information
ThreatMetrix collects and uses personal information for the following Identified Purposes:
- to understand customer needs regarding ThreatMetrix ’s services;
- to develop and provide products and services for its customers;
- to communicate with customers, and to inform customers of upgrades, products and services available from ThreatMetrix and its affiliates;
- to allow customers to access limited-entry areas of ThreatMetrix ’s site;
- to personalize some of our services and products for you;
- (where a product has been purchased) to bill accounts and maintain payment records;
- to satisfy any applicable law, regulation, legal process or government request;
- to respond to a legitimate claim that you are violating the rights of any third party;
- to protect the services, products or rights of ThreatMetrix ; and
- to identify and resolve technical problems concerning ThreatMetrix ’s products and services.
- to identify and test the new features added to our suite of products and services.
ThreatMetrix also uses personal information in an aggregate form (i.e. not individually attributable to you) for its business analysis, operational, marketing and other promotional purposes.
If we hire other companies to provide some products or services on our behalf, then we will only provide those companies the personal information they need for the Identified Purposes.
3. Consent for Collection, Use or Disclosure
A customer may withdraw such consent for collection, use and disclosure at any time, on prior written notice, provided that ThreatMetrix may on such withdrawal suspend or terminate its products and services.
4. Limiting the Collection of Personal Information
ThreatMetrix limits its collection of personal information to only that information which is necessary for the Identified Purposes.
5. Disclosure, Processing and Retention
ThreatMetrix does not sell, rent or disclose your personal information to anyone else except, when the Identified Purposes require ThreatMetrix to disclose the personal information to:
- an agent of the customer;
- agents of ThreatMetrix acting on its behalf for the Identified Purposes;
- a public authority, to avoid or minimize danger to life or property; and
- a third party to which disclosure is required by any law, regulation, legal process or government request.
Your information may be stored and processed in Australia, Great Britain, The Netherlands or in any other country in which ThreatMetrix or its affiliates, subsidiaries maintain facilities. By using this web site, you consent to any such transfer of information outside of your country. After your account becomes inactive, ThreatMetrix will keep your personal information only for those purposes which are established by law, and for archival record purposes for a period of time in keeping with our internal information security policies.
6. ThreatMetrix and the E.U. – U.S. Safe Harbor for Privacy
ThreatMetrix receives private information about customers, employees and business partners from sources outside of the United States including countries within the European Union. We have self-certified that our privacy practices are consistent with U.S.—E.U. safe harbor principles: notice, choice, onward transfer, access and accuracy, security, and oversight/enforcement. More information about the U.S. Department of Commerce Safe Harbor Program can be found at http://www.export.gov/safeharbor/.
ThreatMetrix has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent recourse mechanism as prescribed by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by ThreatMetrix, please visit the JAMS web site at www.jamsadr.com for more information.
7. Accuracy of Personal Information
ThreatMetrix will use reasonable efforts to keep customer personal information accurate for the Identified Purposes, and for minimizing the possibility of making inappropriate customer decisions based on such information. Customers are responsible for informing ThreatMetrix about changes to their personal information. ThreatMetrix will update personal information when necessary to keep it accurate or else provide customers the facility to make such updates.
8. Security Safeguards
ThreatMetrix will use reasonable efforts to protect personal information against loss, unauthorized access, disclosure, misuse or modification, through security safeguards that depend on the level of sensitivity of the information. Methods of protection include organizational measures (contract provisions, security clearance, limiting access to need-to-know ThreatMetrix personnel), technological measures (passwords, encryption), and physical measures (locked file storage, security card access). ThreatMetrix will control personal information disclosed to authorized third parties by entering into agreements which contain confidentiality provisions and restrictions on use and which limit the amount of information disclosed to only that which is needed for the Identified Purposes.
9. Openness of Policy
10. Access to Personal Information
ThreatMetrix will afford you a reasonable opportunity to review the personal information in your file, in understandable format, either by direct access or upon request to the Privacy Officer made by you after providing sufficient identification.
If ThreatMetrix is not able to provide access to some aspect of a customer’s personal information, it will provide reasons for denying access such as; that by doing so would likely reveal personal information about a third party, or that it is confidential commercial information or attorney-client privileged communications, or that the information relates to a breach of an agreement or a contravention of law, or that its disclosure could reasonably be expected to threaten the life or security of another individual.
Customers have the right to request that inaccurate or incomplete information be amended as appropriate, and ThreatMetrix will promptly correct such personal information or provide the means for you to do so directly.
11. Challenging Compliance