September 25, 2018
September 20, 2018
Last updated: May 11, 2018
Unless otherwise stated, ThreatMetrix is the controller of the personal information collected when you visit or use the Service. To learn about how we process personal information as part of our products for organizational customers, please see the ThreatMetrix Processing Notice.
2. Information We Collect
We collect information about you in three ways: directly from your input, from third-party sources, and through automated technologies.
2.1 Data You Provide to Us
The types of personal information that we collect directly from you depends on how you interact with us and the Service and may include:
2.2 Data From Your Organization
We may obtain personal information about you from the organization with which you are employed or affiliated in order to activate and manage your access to and use of the organization’s subscription, if any, to the Service, including:
2.3 Data From Other Sources
We also may obtain contact details and other personal information about you from our affiliates and from other third parties, including:
2.4 Data From Service Use
The Service may automatically collect information about how you and your device interact with the Service, including:
3. How We Use Your Information
Depending on how you interact with us and the Service, we use your personal information to:
If you are an administrator of an organization with a subscription to the Service, we will use your details to communicate with you about your organization’s subscription and related services. If you supply us contact information of your colleagues, we may contact those individuals with communications about the Service that may include reference to you.
4. Sharing of Your Information
4.1 Your Organization
If you access the Service through a subscription administered by your organization, your personal information and certain usage data gathered through the Service may be accessed by or shared with the administrators authorized by your organization for the purposes of usage analysis, subscription management and compliance, cost attribution and departmental budgeting.
4.2 Group Companies and Service Providers
Depending on the Service provided, we share personal information with:
4.3 Your Choices
We share your personal information with our affiliates and with sponsors, joint venture partners and other third parties that wish to send you information about their products and services that may be of interest to you, as determined by your choices in managing your communications preferences and other settings.
The Service may let you post and share personal information, comments, materials and other content. Any such contributions you disclose publicly may be collected and used by others, may be indexed by search engines, and might not be able to be removed. Please be careful when disclosing personal information in these public areas.
4.4 For Legal Reasons
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
and as part of a corporate transaction, such as a transfer of assets or an acquisition by or merger with another company.
5. Your Communications Preferences
You can customize and manage your communications preferences and other settings when you register with the Service, by updating your account features and preferences, by using the “opt-out” or unsubscribe mechanism or other means provided within the communications that you receive, or by contacting us. We reserve the right to notify you of changes or updates to the Service whenever necessary.
6. Accessing and Updating Your Information
6.1 Your Account
The Service may allow registered users to directly access and review their account information and make corrections or updates upon login at any time. Keeping such information up to date is solely the responsibility of the user. Registered users may also close their account directly through the Service or by contacting the Service’s customer support.
6.2 Your Rights
You have the right under European and certain other privacy and data protection laws, as may be applicable, to request free of charge:
If you wish to exercise any of these rights, please contact us at the address below. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.
7. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Service through a subscription administered or sponsored by your organization, we retain your organizational contact details after the termination of your organization’s subscription to continue to communicate with you.
8. Children’s Privacy
We do not knowingly collect information from children under the age of 13 or target the Service to children under 13.
9. Data Security
We use a variety of administrative, physical and technical security measures to help safeguard your personal information.
10. Locations of Processing
Your personal information may be stored and processed in your region or another country where ThreatMetrix affiliates and their service providers maintain servers and facilities, including Australia, Canada, Iceland, Japan, the Netherlands, the United Kingdom and the United States. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.
Where personal information is transferred from the European Economic Area or Switzerland to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.
ThreatMetrix has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. For more information, see the ThreatMetrix Privacy Shield Notice. To learn more about the Privacy Shield program, and to view the ThreatMetrix certification, please visit www.privacyshield.gov.
11. Grounds for Processing
When we collect from you any personal information within the scope of European data protection laws, we do so:
Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
You may also lodge a complaint with the data protection authority in the applicable jurisdiction.
Our data protection representative for the European Economic Area and Switzerland is: LexisNexis Risk Solutions UK, Global Reach, Dunleavy Drive, Cardiff CF11 0SN United Kingdom. Attention: Data Protection Officer, DPO@lexisnexisrisk.com.