Privacy Policy

Updated: 23 September 2016

Privacy Policy
ThreatMetrix, Inc. (“ThreatMetrix”) is committed to maintaining the privacy of personal information that you provide to us when using any of our online services. This privacy policy describes how we treat the information we receive when you transmit data to ThreatMetrix.

Web Form Information
When you submit information to ThreatMetrix, we may collect personally identifiable information from you that may include your name, address, and email address. We do not knowingly collect personal information from persons under the age of 18.

Web Site Usage Information

We automatically collect IP addresses and web site usage information from you when you access any of our online services. This information helps us evaluate how our visitors and subscribers use and navigate our web sites on an aggregate basis, including but not limited to the number and frequency of visitors and subscribers to each web page, and the length of their visits.

How We Use Information Collected

We may use information in the following ways:
• For the purposes you specifically provided the information including, for example, enabling us to respond to your questions about our products and services.
• To send you email notifications about our new or existing products and services, special offers, or to otherwise contact you.
• To enhance existing features or develop new features, products, and services.
• To allow us to personalize the content and advertising that you and others see based on personal characteristics or preferences.

Except as specifically set forth in this privacy policy, we will not share your personally identifiable information outside of ThreatMetrix. We may disclose and use personally identifiable information in special circumstances where it is necessary to enforce our service agreements or terms of use (for example to protect our intellectual property rights). We may also disclose or use your personal information when we, in good faith, believe that the law may require us to do so. Please be aware that ThreatMetrix may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Service Providers, Business Partners and Others
ThreatMetrix may employ third party companies and individuals to facilitate our service, to provide the service on our behalf, to perform Site-related services (including but not limited to maintenance services, database management, web analytics and improvement of our web sites’ features) or to assist us in analyzing how our web sites and services are used. These third parties have access to your personal Information only for purposes of performing these tasks on our behalf.

Business Transfers
ThreatMetrix may sell, transfer or otherwise share some or all of its assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Cookies
We define a cookie as any string of data that is automatically stored on your computer upon access to our online services. ThreatMetrix employs cookies to assign temporary identification numbers to machines that access our web servers. This information enables us to deliver faster service to our subscribers, prevent denial of service attacks on our systems, and detect and prevent fraudulent transactions.

Security
The personally identifiable information we collect about you is stored in limited access servers. We maintain safeguards to protect the security of these servers and your personally identifiable information. We retain personally identifiable information only as long as necessary to complete a purchase, thwart fraud, provide customer service, or maintain your account with us.

US-EU Privacy Shield Framework
ThreatMetrix complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. ThreatMetrix has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

ThreatMetrix is a “processor” of personal data as defined in Article 2(e) of the Directive. ThreatMetrix provides processing services in the US for its European Union business partners (“EU Business Partners”) which include merchants and financial institutions and other applicable businesses. ThreatMetrix also provides processing for US based business partners. We act as a data processor and data importer on behalf of our EU Business Partners, and accordingly we follow the instructions provided by each EU Business Partner with regard to the collection, processing and protection of personal data provided to us by each such EU Business Partner. Each EU Business Partner acts as the data controller and data exporter for any personal data within its control. Residents in the EU should contact the applicable EU Business Partner with questions regarding the collection of their personal data.

In compliance with the EU-US Privacy Shield Principles (“the Principles”), ThreatMetrix commits to resolve questions and complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy and/or the types of data ThreatMetrix collects, please contact ThreatMetrix at legal@threatmetrix.com. Please note that ThreatMetrix acts as a data processor and the majority of the data ThreatMetrix processes is anonymous. In instances of onward transfers, ThreatMetrix has the responsibility for processing personal information that is not anonymized in accordance with the Principles and subsequent transfers to third parties that may act on ThreatMetrix’s behalf. ThreatMetrix will remain liable under the Principles if its third party agents process such non-anonymized personal information in a manner inconsistent with the Principles.

Written correspondence may be sent to:
Privacy Mailbox
160 W. Santa Clara St., Suite 1400, San Jose, California, 95113, USA

ThreatMetrix has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield and Safe Harbor Programs administered by JAMS, a dispute resolution provider located in the United. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. As a last resort, and in limited situations, European Union individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. ThreatMetrix is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

US-Swiss Safe Harbor
ThreatMetrix complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. ThreatMetrix has certified that it adheres to the Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor.

In compliance with the US-Swiss Safe Harbor Principles, ThreatMetrix commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact ThreatMetrix at legal@threatmetrix.com.

Written correspondence may be sent to:
Privacy Mailbox
160 W. Santa Clara St., Suite 1400, San Jose, California, 95113, USA

ThreatMetrix has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield and Safe Harbor Programs administered by JAMS, a dispute resolution provider located in the United. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.

Policy Modifications
We may change this privacy policy from time to time. We will post any changes here, so please check back periodically.

Comments and Questions
If you have any questions, comments or concerns about our privacy policy, you may contact us at legal@threatmetrix.com.