March 27, 2019
Last updated: May 11, 2018
Unless otherwise stated, ThreatMetrix is the controller of the personal information collected when you visit or use the Service. To learn about how we process personal information as part of our products for organizational customers, please see the ThreatMetrix Processing Notice.
2. Information We Collect
We collect information about you in three ways: directly from your input, from third-party sources, and through automated technologies.
2.1 Data You Provide to Us
The types of personal information that we collect directly from you depends on how you interact with us and the Service and may include:
- Contact details, such as your name and work address, postal address and phone number;
- Account login credentials, such as usernames and passwords, password hints and similar security information;
- Other account registration and profile information, such as educational and professional background and photo;
- Payment information, such as a credit or debit card number;
- Comments, feedback and other information you provide to us, including search query data and questions or information you send to customer support; and/or
- Interests and communication preferences, including preferred language.
2.2 Data From Your Organization
We may obtain personal information about you from the organization with which you are employed or affiliated in order to activate and manage your access to and use of the organization’s subscription, if any, to the Service, including:
- Contact details, such as your name and work email address, postal address and phone number;
- Other account registration information, such as job title; and/or
- Organizational user ID.
2.3 Data From Other Sources
We also may obtain contact details and other personal information about you from our affiliates and from other third parties, including:
- Service providers that help us determine a location in order to customize certain products to your location;
- Partners with which we offer co-branded services or engage in joint marketing activities; and/or
- Publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.
2.4 Data From Service Use
The Service may automatically collect information about how you and your device interact with the Service, including:
- Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, unique device identifier and other technical identifiers, error reports and performance data;
- Usage data, such as the features you used, the settings you selected, your URL click stream data, including date and time stamp and referring and exit pages, and pages you visited on the Service; and/or
- For location-aware Services, the region, city or town where your device is located in order to provide you with more relevant content for where you are in the world.
3. How We Use Your Information
Depending on how you interact with us and the Service, we use your personal information to:
- Provide, activate and manage your access to and use of the Service;
- Process and fulfill a request, order, download, subscription or other transaction;
- Provide technical, product and other support and to help keep the Service working, safe and secure;
- Enhance and improve the Service and our other products and services and to develop new products, services and benefits;
- Offer you customized content and other personalization to make the Service more relevant to your interests and geography;
- Respond to your requests, inquiries, comments and concerns;
- Notify you about changes, updates and other announcements related to the Service and our other products and services;
- Deliver targeted advertisements, promotional messages, notices and other information related to the Service and your interests;
- Provide you with promotional messages and other information about products, events and services of ours, our affiliates and third parties such as sponsors;
- Invite you to participate in user testing and surveys as well as sweepstakes, competitions and similar promotions;
- Identify usage trends and develop data analysis, including for purposes of research, audit, reporting and other business operations, including determining the effectiveness of our promotional campaigns and evaluating our business performance, or in other ways pursuant to a customer agreement; and/or
- Comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are an administrator of an organization with a subscription to the Service, we will use your details to communicate with you about your organization’s subscription and related services. If you supply us contact information of your colleagues, we may contact those individuals with communications about the Service that may include reference to you.
4. Sharing of Your Information
4.1 Your Organization
If you access the Service through a subscription administered by your organization, your personal information and certain usage data gathered through the Service may be accessed by or shared with the administrators authorized by your organization for the purposes of usage analysis, subscription management and compliance, cost attribution and departmental budgeting.
4.2 Group Companies and Service Providers
Depending on the Service provided, we share personal information with:
- Our ThreatMetrix affiliates, other entities within the LexisNexis Risk Solutions group of companies (for a list of locations, click here), and certain RELX Group companies that provide technology, customer service and other shared services functions; and/or
- Our service providers, suppliers, agents and representatives, including but not limited to website maintenance, database management, web analytics, customer support, event venue and service providers, and email service providers;
4.3 Your Choices
We share your personal information with our affiliates and with sponsors, joint venture partners and other third parties that wish to send you information about their products and services that may be of interest to you, as determined by your choices in managing your communications preferences and other settings.
The Service may let you post and share personal information, comments, materials and other content. Any such contributions you disclose publicly may be collected and used by others, may be indexed by search engines, and might not be able to be removed. Please be careful when disclosing personal information in these public areas.
4.4 For Legal Reasons
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
- meet any applicable law, regulation, legal process or other legal obligation;
- detect, investigate and help prevent security, fraud or technical issues; and/or
- protect the rights, property or safety of ThreatMetrix, our users, employees or others;
and as part of a corporate transaction, such as a transfer of assets or an acquisition by or merger with another company.
5. Your Communications Preferences
You can customize and manage your communications preferences and other settings when you register with the Service, by updating your account features and preferences, by using the “opt-out” or unsubscribe mechanism or other means provided within the communications that you receive, or by contacting us. We reserve the right to notify you of changes or updates to the Service whenever necessary.
6. Accessing and Updating Your Information
6.1 Your Account
The Service may allow registered users to directly access and review their account information and make corrections or updates upon login at any time. Keeping such information up to date is solely the responsibility of the user. Registered users may also close their account directly through the Service or by contacting the Service’s customer support.
6.2 Your Rights
You have the right under European and certain other privacy and data protection laws, as may be applicable, to request free of charge:
- access to and correction or deletion of your personal information;
- restriction of our processing of your personal information, or to object to our processing; and
- portability of your personal information.
If you wish to exercise any of these rights, please contact us at the address below. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
7. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Service through a subscription administered or sponsored by your organization, we retain your organizational contact details after the termination of your organization’s subscription to continue to communicate with you.
8. Children’s Privacy
We do not knowingly collect information from children under the age of 13 or target the Service to children under 13.
9. Data Security
We use a variety of administrative, physical and technical security measures to help safeguard your personal information.
10. Locations of Processing
Your personal information may be stored and processed in your region or another country where ThreatMetrix affiliates and their service providers maintain servers and facilities, including Australia, Canada, Iceland, Japan, the Netherlands, the United Kingdom and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
Where personal information is transferred from the European Economic Area or Switzerland to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.
ThreatMetrix has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. For more information, see the ThreatMetrix Privacy Shield Notice. To learn more about the Privacy Shield program, and to view the ThreatMetrix certification, please visit www.privacyshield.gov.
11. Grounds for Processing
When we collect from you any personal information within the scope of European data protection laws, we do so:
- where necessary to provide the Service, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
- where necessary for our compliance with applicable law or other legal obligation;
- where necessary for the performance of a task carried out in the public interest;
- where applicable, with your consent; and/or
- as necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, enable our customers to comply with legal obligations, or fulfill our other legitimate interests as described in clauses 2-4 above, except where our interests are overridden by your privacy rights.
Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
You may also lodge a complaint with the data protection authority in the applicable jurisdiction.
Our data protection representative for the European Economic Area and Switzerland is: LexisNexis Risk Solutions UK, Global Reach, Dunleavy Drive, Cardiff CF11 0SN United Kingdom. Attention: Data Protection Officer, DPO@lexisnexisrisk.com.