Effective date: 31 January, 2019
Remember that your use of Arkose Labs’s Services is at all times also subject to the customer agreement and/or other end user agreement between you and Arkose Labs.
List of Contents
- Transfers of Personal Data
- Notice of What Information We Collect and How We Use It
- Types of Personal Data We Collect
- Information We Collect Directly From You
- Information We Receive From Third Party Sources
- Information We Automatically Collect When You Use Our Service
- Web Beacons
- Information Collected From Other Websites and Do Not Track Policy
- Use of Personal Data
- Processing Grounds
- How, And With Whom, Is Your Information Shared?
- Data Retention
- Your Privacy Rights
- Rights Under GDPR
- Access, Rectification, Erasure, Withdrawal of Consent, Portability, Objection, Restriction of Processing and Right to File Complaint
- Resolving Privacy Complaints, Generally
- What Choices Do You have?
- Contact us
2. TRANSFERS OF PERSONAL DATA
The Services are hosted and operated in the United States (“U.S.”) through Arkose Labs and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you are located. By using the Services, you acknowledge that Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Arkose Labs in the U.S. and will be hosted on U.S. servers, and you authorize Arkose Labs to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. as set forth herein.
3. EU PERSONAL DATA
If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the E.U. General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Arkose Labs is the controller of your Personal Data except where we process Personal Data of our customers’ end users and employees in connection with our provision of services to these customers, in which case we are the processor of Personal Data, and those customers are the controllers of the Personal Data.
For questions about cases where we are the controller of your Personal Data, or to inquire about your rights in such cases where applicable, please contact us at GDPR@arkoselabs.com. For more information about your potential rights under the GDPR in cases where we are the processor, and to exercise such rights where applicable, please contact the controller party in the first instance.
4. NOTICE OF WHAT INFORMATION WE COLLECT AND HOW WE USE IT
a. Types of Personal Data We Collect
We collect and maintain Personal Data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
b. Information We Collect Directly From You: We receive Personal Data directly from you when you provide us with such Personal Data (for example, when you create an account, fill out a survey or send us feedback), including without limitation the following:
● Postal, residential and/or company addresses
● Email address
● Phone number(s)
● Username and password
● Bank account and credit or debit card details
c. Information We Receive From Third Party Sources: We also collect data from other sources, such as:
● Our customers
● Third-party business partners and data and service providers
● Publically available sources, including without limitation court judgments, directorship and bankruptcy searches, White Pages directory and social media platforms (e.g., Facebook, Twitter, Google, Instagram)
Personal Data we collect from these sources includes, for example:
● Contact data (e.g., name, address, email address and phone)
● Billing information
d. Information We Automatically Collect When You Use Our Services: Some Personal Data is automatically collected when you use our Services such as the following:
● IP address
● Device identifiers
● Web browser information
● Page view statistics
● Usage information
● Log data (e.g. access times, hardware and software information)
e. Cookies: Like many websites and mobile application operators, we (directly and through our third party service providers) collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Services, and other similar technologies. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting or using our Services, whereas “persistent cookies” are stored on your device for a period of time after you leave our Services. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Services, and how your use of the Services varies over time. For more information on cookies, including how to control your cookie settings and preferences, visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/.
The Services uses the following cookies:
• Essential Cookies: Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our website. Disabling these cookies will make certain features and services unavailable.
• Functionality Cookies: Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
• Performance/Analytical Cookies: Performance/analytical cookies allow us to understand how visitors use our website and Services such as by collecting information about the number of visitors to the website, what pages visitors view on our website, and how long visitors are viewing pages on the website. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising.
• Retargeting/Advertising Cookies: Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.
f. Web Beacons: We collect information using Web beacons. Web beacons are electronic images that can be used in connection with our Services, including in emails we send on behalf of our business partners. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon
5. USE OF PERSONAL DATA
We use Personal Data collected through our Services to operate, improve, understand and personalize our Services. For example, we use Personal Data to:
• Provide and deliver the Services, for example, to set up an account on the Services and provide service dashboard, communication services and reports
• Operate and improve our internal operations, systems, products, and services
• Process payments, including charging, verification and debt collection, and refunds, if applicable
• Protect the Services from security threats, fraud or other criminal activities
• Communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, emails to ask you to participate in surveys or reviews and our products and services, or email you about your use of the Services. If you do not want to receive communications from us, please indicate your preference by contacting us via the details set out at the bottom of this document. Please note that you cannot opt-out of non-marketing communications if you would like to continue using the Services.
• Directly market our products or services. For example, we may provide you with information and to tell you about our products, services or events or any other direct marketing activity which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you direct marketing communications given the transaction or communication you have had with us. The foregoing does not apply where it is expressly prohibited by applicable law. If at any time you do not wish to receive any further direct marketing communications from us or others under this section, you may ask us not to send you any further information about products and services and not to disclose your information to other organizations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the direct marketing communication or by contacting us via the details set out at the bottom of this document.
• Perform consumer analytics
• Correlate user behavior with bad actors on websites
• Respond on other websites if there is a known bad actor
• Identify analytics of our Service loaded in different regions
We store and process Personal Data in the United States and other countries directed by our partners that may have data protection laws different than your home country. We do not own or control the data that we process on behalf of our partners. Our partners can use Personal Data for other purposes other than listed above and may store and process your Personal Data in other locations, please visit their respective privacy policies to understand their practices.
We do not collect, retain, or share any personally identifiable information (including unique user identifiers and IP addresses) gathered on sites or apps not owned by us (“Third Party Provided PII”), except for the purpose of providing our fraud detection and prevention related services and never to create user profiles. We only share Third Party Provided PII with customers receiving our fraud detection and prevention services, or as otherwise directed by the applicable customer and services providers if necessary to provide the fraud detection and prevention services to our customers. WE NEVER SHARE THIRD PARTY PROVIDED PII COLLECTED ON ONE CUSTOMER’S SITE WITH OTHER CUSTOMERS. Retention of Third Party Provided PII is determined by the applicable customers.
6. PROCESSING GROUNDS
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our legitimate interests or the legitimate interest of others.
- Contractual Necessity: We process Personal Data as a matter of contractual necessity, meaning that we need to process the data to perform under our contract with you or the applicable entity through which you access and use the Services (for example, access to the Arkose Labs Solution and Telemetry Services), which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data:
- Legitimate Interest: We process Personal Data for certain purposes when we believe it furthers the legitimate interest of us or others (e.g. our users), for example to improve the Arkose Labs Solution and Telemetry Services. Examples of these legitimate interests include:
- Operation and improvement of our business, products and services
- Marketing of our products and services
- Provision of customer support
- Protection from fraud or security threats
- Compliance with legal obligations
- Completion of corporate transactions, such as a merger or acquisition
- Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
- Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
7. HOW, AND WITH WHOM, IS YOUR INFORMATION SHARED?
We may share your Personal Data with third parties as described in this section:
a. Service Providers: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we may use administrative service providers to assist us with our administrative matters, IT service providers and consultants to assist us in providing our products and services to you, and e-commerce services and financial institutions in connection with sales and after-sales processing. Unless we tell you differently, our service providers do not have any right to use the Personal Data we share with them beyond what is necessary to assist us.
b. Information That’s Been De-Identified: We may de-identify your Personal Data so that you are not identified as an individual, and provide that information to our business partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.
c. Third Party Affiliated Businesses: In certain situations, businesses or third party websites we partner with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when a third party affiliated business is associated with such a transaction or service, and we will share your Personal Data with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to a third party affiliated website or business, please review all such business’ or websites’ policies.
d. User Profiles and Submissions: Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services. Your account privacy settings may allow you to limit the other users who can see the Personal Data in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Data or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone.
We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We will take reasonable steps to (i) make sure that the Personal Data we collect, use or disclose is accurate, complete and up to date, (ii) protect your Personal Data from misuse, loss, unauthorized access, modification or disclosure both physically and through computer security methods; and (iii) destroy or permanently de-identify Personal Data if it is no longer needed for its purpose of collection.
Furthermore, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
9. DATA RETENTION
We retain Personal Data about you for as long as it remains relevant. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
We reserve the right to access, read, preserve and disclose any information we retain that we reasonably believe is necessary to comply with law or court order, to enforce or apply our Arkose Labs Terms and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others.
10. YOUR PRIVACY RIGHTS
a. Rights Under GDPR
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights where we are the controller of your personal data, or to submit a request, please email GDPR@arkoselabs.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
For Personal Data for which we are the processor, please contact the controller party to exercise your Personal Data rights.
● Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by emailing us at GDPR@arkoselabs.com.
● Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
● Erasure: You can request that we erase some or all of your Personal Data from our systems.
● Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
● Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
● Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
● Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
● Right to File Complaint: You have the right to lodge a complaint about Arkose Labs’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
b. RESOLVING PRIVACY COMPLAINTS, GENERALLY
We have put in place a mechanism and procedure to resolve privacy complaints. We will endeavor to deal with all complaints in a reasonably appropriate timeframe.
In order to resolve a complaint, we: (a) will liaise with you to identify and define the nature and cause of the complaint; (b) may request that you provide the details of the complaint in writing; (c) will keep you informed of the likely time within which we will respond to your complaint; and (d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.
We will keep a record of the complaint and any action taken in a Register of Complaints.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us by submitting a written request to the following address: 250 Montgomery St, Lvl 10, San Francisco.
California residents are entitled to ask us for a notice identifying the categories of Personal Data which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: CAPD@arkoselabs.com.
11. WHAT CHOICES DO YOU HAVE?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
To the extent practicable and reasonable, we will endeavor to provide you with the option of dealing with Arkose Labs on an anonymous basis or through the use of a pseudonym. However, there may be circumstances in which it is not practicable for Arkose Labs to correspond with you in this manner and your Personal Data may be required in order to provide you with our products and services or to resolve any issue you may have.
Do Not Track Policy: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Data, please contact us at GDPR@arkoselabs.com.
14. CONTACT US
Name: Brendan Brummer
Physical address: 250 Montgomery St, Lvl 10, San Francisco
Email address for contact: GDPR@arkoselabs.com
Data Protection Officer and contact information: Phil Steffora | firstname.lastname@example.org