Last Modified: February 14, 2019
Member Information and How We Use It
Information Members send us about themselves ("Member Information")
We collect information about each Member when they register for the Services such as company name, URL, address, industry, company size, fraud related information, and payment information. If the Member pays by credit card, our processor collects that information (we do not store full credit card information). We also collect personal information of those individuals that represent the Member in connection with the use of the Services such as name, job title, email address and phone number.
We use Member Information you provide to:
- provide Members with the Services and for billing and collections;
- create internal analysis and business analytics to improve the Services;
- notify Members regarding technical alerts, updates, security notifications and administrative communications
- send Members marketing information, including product updates, industry news and reports, if it is in accordance with their newsletter and marketing preferences, and
- any other purpose about which we notify Members.
At any time you may ask us to stop sending newsletters or marketing communications to you by clicking the "unsubscribe" link in an email that we send you. If you have any questions, on how to unsubscribe, contact us at email@example.com.
Service Data and How We Use It
Members may submit data through our application programming interface or through the API, including personal information and transaction data with respect to Members’ Customers. Such data includes but is not limited to email addresses, billing and shipping addresses, usernames, telephone numbers, payment information (does not include full credit card information), User behavior, transaction information and transaction history (collectively, "Service Data").
Fraud.net generates analysis and results using the Service Data, whether alone or in combination with other sources, and creates risk profiles for Users, risk assessments, and analytics reports based on the Service Data submitted ("Analytical Results"). Members own their Service Data, but Fraud.net owns the Services and Analytical Results. Each Member decides the types and format of the Service Data they wish to submit for analysis using the Services.
Similarly, in connection with mobile applications, Members may integrate Fraud.net-provided software development kits ("SDKs") to help prevent fraud that may occur through their applications. The SDKs provide Fraud.net more precise information about the Users’ locations such as GPS (if the location settings allow it) and IP address. Additionally, the SDKs collect phone-related metadata (including battery level, device properties, carrier name, motion and proximity information) and unique device identifiers.
From time to time, we may alter our device fingerprinting technology, SDKs, and APIs to improve their effectiveness.
Disclosure of Your Information to Third Parties and Liabilities
Vendors, consultants, and other service providers: We may share Member Information and Service Data with third party vendors, consultants, and other service providers who are working on our behalf and with whom the sharing of such information is necessary to undertake that work, e.g., to process billing or to provide customer support.
Data enrichment: We may share minimal User information (e.g., email addresses) with select third-party vendors for data enrichment purposes. Enriching data allows us to provide a richer subset of data from which to make more informed fraud risk assessments. For example, we share select user email addresses with third parties to obtain links to publicly available social profiles.
Vital interests and legal rights: We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Fraud.net, our Members, or the rights or property of others.
Fraud.net does not (i) share User information with third party marketers or advertisers; (ii) contact Members’ Customers; or (iii) identify individual Members to other Members as the source of Service Data for any Analytical Results.
Service Providers: We may use a 3rd party service provider to provide us with additional compute services and have defined terms and conditions with them in meeting our security principles and standards; and share liabilities should in case underlying principles and expectations are violated by either party.
Data Controllers: Furthermore, in our 3rd party due diligence process, we never share data directly to 3rd party data processors unless there exists a mutual contract between the ‘data controller’ and the 3rd party ‘data processor’. This limits our direct liability should in case data protection principles were not adhered by 3rd party data processor on behalf of the ‘data controller’.
Compliance with laws: We may disclose Member Information and Service Data to a third party where we are legally required to do so in order to comply with any applicable laws, regulations, legal process, or law enforcement or government requests.
Your Rights, Limiting Use and Disclosure as a Data Subject
By law, especially in EU regions, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.
Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
To submit a request regarding your personal data by email, post or telephone, please use the contact information provided below in the Accessing and Correcting Your Information section of this policy.
Your Right to Complain
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:
Information Commissioner's Office
Accessing and Correcting Your Information
If you want Fraud.net to correct Your Information that is stored on Fraud.net systems, please submit your request in writing to:
Attn: Legal Department
330 7th Avenue
New York, NY 10001
Subject to our ability to verify your request, Fraud.net will correct the Information within thirty (30) days of receipt of your request.
Fraud.net is committed to privacy and security. Members may contact us for additional information regarding our security measures. Examples of Fraud.net’s security measures include physical, electronic, and procedural safeguards; sophisticated security monitoring tools; documented security policies; use of strong encryption for transmissions to and from Fraud.net Members; restricting access to personally identifiable information; and periodic security reviews by third party security experts.
Following termination or deactivation of an account, we may retain personal information and content for backup, archival, audit, disaster recovery, or otherwise in accordance with the Terms of Service and applicable law.
International Data Transfer
EU-US Privacy Shield Framework
Fraud.net is committed to subjecting to the Privacy Shield Principles all personal data received from the European Union in reliance on the Privacy Shield. We comply with the Privacy Shield Principles regarding the handling of personal data. We may disclose information to comply with any court order, law or legal process, including to respond to any government or regulatory request, including in response by lawful requests to meet national security or law enforcement requirements in accordance with the EU-US Privacy Shield Framework. You may be able to invoke binding arbitration under certain conditions as described in the Privacy Shield Principles.
In accordance with the Privacy Shield Framework, Fraud.net has designated JAMS, a dispute resolution provider located in the United States, to address complaints and provide appropriate recourse free of charge. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Fraud.net is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
As a processor, Fraud.net does not accept information directly from Members’ Customers, and Members’ Customers do not submit information directly to Fraud.net. Members’ Customers should first contact their respective Members directly with concerns. In accordance with the EU-US Privacy Shield Principles (see "EU-US Privacy Shield Framework" below), Members and Members’ Customers may access their personal data for the purpose of correcting, amending or deleting that information.
Should you have any questions and/or complaints, please feel free to contact us by submitting your request in writing to:
Attn: Legal Department
330 7th Avenue
New York, NY 10001
Your California Privacy Rights
California Civil Code Section 1798.83 permits Members who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.