November 19, 2018
Last updated: May 11, 2018
ThreatMetrix, Inc., a LexisNexis Risk Solutions company (“we,” “us” or “our”), has certified to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks as set forth by the U.S. Department of Commerce. Our Privacy Shield certification is listed here: www.privacyshield.gov/list.
We adhere to the Privacy Shield Principles including relevant Supplemental Principles (collectively, the “Principles”) with respect to all personal data that is provided by our business customers and their authorized users in the European Economic Area (“EEA”) and Switzerland in reliance on the Privacy Shield under contract with us or our affiliates or resellers. If there is any conflict between the terms in this Privacy Shield Notice and the Principles, the Principles shall govern.
TYPES OF PERSONAL DATA COLLECTED
The types of personal data collected from customers and their authorized users includes their contact information, financial and billing information, security authorization and authentication information, preferences, transactional information, usage activity, and client and prospect information, including information from devices used by clients and prospects of our customers and other personal data that customers choose to send to us, such as customer account data.
PURPOSES FOR PERSONAL DATA COLLECTION AND USE
We collect and use such personal data to provide and improve our services, customer and technical support, and billing and commercial marketing activities, to respond to requests, to process transactions, for administrative purposes and as otherwise instructed by customers and their authorized users.
DISCLOSURES TO THIRD PARTIES
We disclose such personal data to the following types of third parties for the foregoing purposes:
- Affiliates, contractors, service providers and other third parties to assist us in providing our services, support and related activities to customers based on our instructions;
- Customers’ affiliates and their administrators and other authorized recipients as part of the customer group’s subscription to our services or as otherwise instructed by customers;
- Business partners, sponsors and other third parties with which we offer webinars, white papers, applications and other services;
- Channel partners, such as distributors and resellers, to fulfill product and information requests;
- Other corporate entities as part of a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets.
We remain responsible for the personal data that we share with third parties for processing on our behalf, and we remain liable under the Principles if such third parties process such personal data in a manner inconsistent with the Principles and we are responsible for the event giving rise to the damage.
We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
RIGHTS OF ACCESS AND LIMITING USE AND DISCLOSURE
Individuals in the EEA and Switzerland have a right to access to their personal data, to correct, amend, or delete that data, and to limit use and disclosure of that data, subject to certain exceptions. To exercise these rights, please contact us via the contact details below. Please note that where we are acting as a processor of personal data for our customer, we may first refer your request to the customer that submitted your personal data, and we will assist our customer as needed in responding to your request.
INQUIRES OR COMPLAINTS
If you have any inquiry or complaint concerning this Privacy Shield Notice or our participation in the Privacy Shield, please contact: Privacy Manager, LexisNexis Risk Solutions, 1000 Alderman Drive, Alpharetta, GA 2005, USA, firstname.lastname@example.org.
If the issue cannot be resolved through our internal processes, you may file a claim free of charge with JAMS, an independent U.S. alternate dispute resolution provider, at www.jamsadr.com/eu-us-privacy-shield. If you have a complaint left unresolved by all available recourse mechanisms, you may invoke binding arbitration. Additional information is available here: www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.