Privacy Policy

Created by Kevin Gosschalk
Last updated Apr 15, 2021 by Phil StefforaVersion comment

Arkose Labs Privacy Policy
Effective date: 31 January, 2019

We at Arkose Labs, Inc. and its affiliates (collectively, “Arkose Labs”, “we” or “us”) know you care about how information related to an identified or identifiable individual (“Personal Data”) is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. This Privacy Policy applies to Personal Data collected by us (as further defined and described below) in connection with our website at www.arkoselabs.com (the “Website”) and our products and services that reference this Privacy Policy (together with our Website, the “Services”), but does not cover the practices of companies we don’t own or control, or people that we don’t manage. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Remember that your use of Arkose Labs’s Services is at all times also subject to the customer agreement and/or other end user agreement between you and Arkose Labs.

List of Contents

  • What Does This Privacy Policy cover?
    • Transfers of Personal Data
      • EU Personal Data
    • Notice of What Information We Collect and How We Use It
      • Types of Personal Data We Collect
        • Information We Collect Directly From You
        • Information We Receive From Third Party Sources
        • Information We Automatically Collect When You Use Our Service
          • Cookies
          • Web Beacons
          • Information Collected From Other Websites and Do Not Track Policy
        • Use of Personal Data
      • Processing Grounds
      • How, And With Whom, Is Your Information Shared?
      • Security
      • Data Retention
      • Your Privacy Rights
        • Rights Under GDPR
          • Access, Rectification, Erasure, Withdrawal of Consent, Portability, Objection, Restriction of Processing and Right to File Complaint
        • Resolving Privacy Complaints, Generally
        • California
      • What Choices Do You have?
        • Do Not Track Policy
      • Changes to the Privacy Policy
      • Children
      • Contact us

1. WHAT DOES THIS PRIVACY POLICY COVER?
This Privacy Policy covers our treatment of Personal Data that we gather when you are accessing or using our Services, but not to the practices of companies we don’t own or control, or people that we don’t manage. We gather various types of Personal Data from our users, as explained in more detail below, and we use this Personal Data internally in connection with our Services, including to personalize, provide, and improve our services, to allow you to set up a user account for our services, to contact you and, in some cases, allow others to contact you, to fulfill your requests for certain products and services, to assist with any operational difficulties or support issues, and to analyze how you use the Services. In certain cases, we may also share some Personal Data with third parties, but only as described below.

2. TRANSFERS OF PERSONAL DATA
The Services are hosted and operated in the United States (“U.S.”) through Arkose Labs and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you are located. By using the Services, you acknowledge that Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Arkose Labs in the U.S. and will be hosted on U.S. servers, and you authorize Arkose Labs to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. as set forth herein.

3. EU PERSONAL DATA
If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the E.U. General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.

For this section, we use the terms “Personal Data” and “processing” as they are defined in GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Arkose Labs is the controller of your Personal Data except where we process Personal Data of our customers’ end users and employees in connection with our provision of services to these customers, in which case we are the processor of Personal Data, and those customers are the controllers of the Personal Data.

For questions about cases where we are the controller of your Personal Data, or to inquire about your rights in such cases where applicable, please contact us at GDPR@arkoselabs.com. For more information about your potential rights under the GDPR in cases where we are the processor, and to exercise such rights where applicable, please contact the controller party in the first instance.
If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at GDPR@arkoselabs.com.

4. NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT
a. Types of Personal Data We Collect
We collect and maintain Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
b. Information We Collect Directly From You: We receive Personal Data directly from you when you provide us with such Personal Data (for example, when you create an account, fill out a survey or send us feedback), including without limitation the following:
● Name
● Postal, residential and/or company addresses
● Email address
● Phone number(s)
● Username and password
● Bank account and credit or debit card details
● Age

c. Information We Receive From Third Party Sources: We also collect data from other sources, such as:
● Our customers
● Third-party business partners and data and service providers
● Publically available sources, including without limitation court judgments, directorship and bankruptcy searches, White Pages directory and social media platforms (e.g., Facebook, Twitter, Google, Instagram)
Personal Data we collect from these sources includes, for example:
● Contact data (e.g., name, address, email address and phone)
● Billing information

d. Information We Automatically Collect When You Use Our Services: Some Personal Data is automatically collected when you use our Services such as the following:
● IP address
● Device identifiers
● Web browser information
● Page view statistics
● Usage information
● Cookies and other tracking technologies (e.g. web beacons, pixel tags, SDKs, etc.) -- For more information, please review our Cookie Policy.
● Log data (e.g. access times, hardware and software information)

e. Cookies: Like many websites and mobile application operators, we (directly and through our third party service providers) collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Services, and other similar technologies. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting or using our Services, whereas “persistent cookies” are stored on your device for a period of time after you leave our Services. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Services, and how your use of the Services varies over time. For more information on cookies, including how to control your cookie settings and preferences, visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/.
Some cookies are placed by a third party on your device and provide information to us and third parties about your browsing habits (such as your visits to our Services and the pages you have visited. These cookies can be used to determine whether certain third party services are being used, to identify your interests, to retarget advertisements to you and to serve advertisements to you that we or others believe are relevant to you. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. Please be aware that cookies placed by third parties may continue to track your activities online even after you have left our Services, and those third parties may not honor “Do Not Track” requests you have set using your browser or device.
The Services uses the following cookies:

• Essential Cookies: Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our website. Disabling these cookies will make certain features and services unavailable.

• Functionality Cookies: Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).

• Performance/Analytical Cookies: Performance/analytical cookies allow us to understand how visitors use our website and Services such as by collecting information about the number of visitors to the website, what pages visitors view on our website, and how long visitors are viewing pages on the website. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising.

• Retargeting/Advertising Cookies: Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.

In some cases, cookies may enable us to aggregate certain information with other Personal Data we collect and hold about you. Arkose Labs extends the same privacy protection to your Personal Data, whether gathered via cookies or from other sources, as detailed in this Privacy Policy.

You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.

f. Web Beacons: We collect information using Web beacons. Web beacons are electronic images that can be used in connection with our Services, including in emails we send on behalf of our business partners. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon

g. Information Collected From Other Websites: Through cookies we place on your browser or device, we may collect information about your online activity after you leave our Services. Just like any other usage information we collect, this information allows us to improve the Services and customize your online experience, and otherwise as described in this Privacy Policy.

5. USE OF PERSONAL DATA
We use Personal Data collected through our Services to operate, improve, understand and personalize our Services. For example, we use Personal Data to:

• Provide and deliver the Services, for example, to set up an account on the Services and provide service dashboard, communication services and reports
• Operate and improve our internal operations, systems, products, and services
• Process payments, including charging, verification and debt collection, and refunds, if applicable
• Protect the Services from security threats, fraud or other criminal activities
• Communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, emails to ask you to participate in surveys or reviews and our products and services, or email you about your use of the Services. If you do not want to receive communications from us, please indicate your preference by contacting us via the details set out at the bottom of this document. Please note that you cannot opt-out of non-marketing communications if you would like to continue using the Services.
• Directly market our products or services. For example, we may provide you with information and to tell you about our products, services or events or any other direct marketing activity which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you direct marketing communications given the transaction or communication you have had with us. The foregoing does not apply where it is expressly prohibited by applicable law. If at any time you do not wish to receive any further direct marketing communications from us or others under this section, you may ask us not to send you any further information about products and services and not to disclose your information to other organizations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the direct marketing communication or by contacting us via the details set out at the bottom of this document.
• Perform consumer analytics
• Correlate user behavior with bad actors on websites
• Respond on other websites if there is a known bad actor
• Identify analytics of our Service loaded in different regions

We store and process Personal Data in the United States and other countries directed by our partners that may have data protection laws different than your home country. We do not own or control the data that we process on behalf of our partners. Our partners can use Personal Data for other purposes other than listed above and may store and process your Personal Data in other locations, please visit their respective privacy policies to understand their practices.

We do not collect, retain, or share any personally identifiable information (including unique user identifiers and IP addresses) gathered on sites or apps not owned by us (“Third Party Provided PII”), except for the purpose of providing our fraud detection and prevention related services and never to create user profiles. We only share Third Party Provided PII with customers receiving our fraud detection and prevention services, or as otherwise directed by the applicable customer and services providers if necessary to provide the fraud detection and prevention services to our customers. WE NEVER SHARE THIRD PARTY PROVIDED PII COLLECTED ON ONE CUSTOMER’S SITE WITH OTHER CUSTOMERS. Retention of Third Party Provided PII is determined by the applicable customers.

6. PROCESSING GROUNDS
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our legitimate interests or the legitimate interest of others.

  • Contractual Necessity: We process Personal Data as a matter of contractual necessity, meaning that we need to process the data to perform under our contract with you or the applicable entity through which you access and use the Services (for example, access to the Arkose Labs Solution and Telemetry Services), which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data:
  • Legitimate Interest: We process Personal Data for certain purposes when we believe it furthers the legitimate interest of us or others (e.g. our users), for example to improve the Arkose Labs Solution and Telemetry Services. Examples of these legitimate interests include:
    • Operation and improvement of our business, products and services
    • Marketing of our products and services
    • Provision of customer support
    • Protection from fraud or security threats
    • Compliance with legal obligations
    • Completion of corporate transactions, such as a merger or acquisition
  • Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

7. HOW, AND WITH WHOM, IS YOUR INFORMATION SHARED?
We may share your Personal Data with third parties as described in this section:

a. Service Providers: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we may use administrative service providers to assist us with our administrative matters, IT service providers and consultants to assist us in providing our products and services to you, and e-commerce services and financial institutions in connection with sales and after-sales processing. Unless we tell you differently, our service providers do not have any right to use the Personal Data we share with them beyond what is necessary to assist us.

b. Information That’s Been De-Identified: We may de-identify your Personal Data so that you are not identified as an individual, and provide that information to our business partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.

c. Third Party Affiliated Businesses: In certain situations, businesses or third party websites we partner with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when a third party affiliated business is associated with such a transaction or service, and we will share your Personal Data with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to a third party affiliated website or business, please review all such business’ or websites’ policies.

d. User Profiles and Submissions: Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services. Your account privacy settings may allow you to limit the other users who can see the Personal Data in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Data or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone.

e. Business Transfers and Corporate Transactions: We may choose to buy or sell assets, and may share and/or transfer customer information and/or Personal Data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party. In such an event, unless we notify you otherwise, any such acquirer of our business will continue to use your Personal Data solely as set forth in this Privacy Policy.

f. Additional disclosures: We also reserve the right to access, read, preserve, use and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce this Privacy Policy and our customer agreement and/or other agreement between you and us, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security or technical issues; (iv) respond to user support requests, (v) protect our rights, property or safety, our users and the public, including if we reasonably believe use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety, or (vi) address unlawful activity that we suspect has be, or is being, engaged in. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

g. Other Uses: In the event we propose to use any Personal Data for purposes not set forth in this Privacy Policy, at or around the time we collect such Personal Data from you, we will endeavor to provide you with a notice which details how we will use and disclose that specific information or seek your consent prior to such disclosure or use.

8. SECURITY
We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We will take reasonable steps to (i) make sure that the Personal Data we collect, use or disclose is accurate, complete and up to date, (ii) protect your Personal Data from misuse, loss, unauthorized access, modification or disclosure both physically and through computer security methods; and (iii) destroy or permanently de-identify Personal Data if it is no longer needed for its purpose of collection.
Furthermore, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

9. DATA RETENTION
We retain Personal Data about you for as long as it remains relevant. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
We reserve the right to access, read, preserve and disclose any information we retain that we reasonably believe is necessary to comply with law or court order, to enforce or apply our Arkose Labs Terms and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others.

10. YOUR PRIVACY RIGHTS

a. Rights Under GDPR
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights where we are the controller of your personal data, or to submit a request, please email GDPR@arkoselabs.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

For Personal Data for which we are the processor, please contact the controller party to exercise your Personal Data rights.

● Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by emailing us at GDPR@arkoselabs.com.
● Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
● Erasure: You can request that we erase some or all of your Personal Data from our systems.
● Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
● Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
● Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
● Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
● Right to File Complaint: You have the right to lodge a complaint about Arkose Labs’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

b. RESOLVING PRIVACY COMPLAINTS, GENERALLY
We have put in place a mechanism and procedure to resolve privacy complaints. We will endeavor to deal with all complaints in a reasonably appropriate timeframe.
In order to resolve a complaint, we: (a) will liaise with you to identify and define the nature and cause of the complaint; (b) may request that you provide the details of the complaint in writing; (c) will keep you informed of the likely time within which we will respond to your complaint; and (d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.
We will keep a record of the complaint and any action taken in a Register of Complaints.

c. CALIFORNIA
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us by submitting a written request to the following address: 250 Montgomery St, Lvl 10, San Francisco.
California residents are entitled to ask us for a notice identifying the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: CAPD@arkoselabs.com.

11. WHAT CHOICES DO YOU HAVE?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
To the extent practicable and reasonable, we will endeavor to provide you with the option of dealing with Arkose Labs on an anonymous basis or through the use of a pseudonym. However, there may be circumstances in which it is not practicable for Arkose Labs to correspond with you in this manner and your Personal Data may be required in order to provide you with our products and services or to resolve any issue you may have.
Do Not Track Policy: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.

12. CHANGES TO THE PRIVACY POLICY
We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on the Arkose Labs.com website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is collected.

13. CHILDREN
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Data, please contact us at GDPR@arkoselabs.com.

14. CONTACT US
If you have any questions about this Privacy Policy or our data practices generally, please contact us using the following information:
Name: Brendan Brummer
Physical address: 250 Montgomery St, Lvl 10, San Francisco
Email address for contact: GDPR@arkoselabs.com
Data Protection Officer and contact information: Phil Steffora | security@arkoselabs.com