Signifyd’s “Website and Cookie” privacy notice
Last updated: April 8, 2024
This Website and Cookie Privacy Notice (“Notice”) describes the privacy practices of Signifyd Inc., on behalf of ourselves and for the benefits of our affiliates (“Signifyd”, “we,” “our” or “us”) for the use of our site, www.signifyd.com (the “Website”). This includes details on what Personal Data (as defined below) we collect when you visit the Website or otherwise interact with us, how we use your Personal Data, certain rights you may have with respect to your Personal Data and how to contact us about our privacy practices.
Please note that this Notice does not cover the Personal Data we collect in connection with Signifyd’s fraud and abuse detection products and services, which are covered in our Services & Product Privacy Notice.
What type of information we collect
- We may collect information from our users at several different points on our Website. This includes the following types of information:
- Personal Data: this includes any data that identifies you or that allows someone to identify you, including your name, address, telephone number, email address, unique device identifiers (e.g., IP address), as well as other information about you that’s associated with or linked to any of the foregoing data.
- Non-Personal Data: this means data that is not associated with or linked to your Personal Data.
We do NOT collect the following type of information:
- “Special Categories” of Personal Data: this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about your health or genetic or biometric data.
We may collect information about you in the following ways:
- We collect Personal Data when you register with the Website, request support, download a whitepaper, register for a webinar or otherwise interact with us. If you do not provide us with the required information we may not be able to provide you with the information or services requested by you.
- When you use the Website we may automatically collect Personal Data and Non-Personal Data through cookies or other online technologies. This information is helpful for us to operate our Website, for marketing purposes or for improving a user’s experience on the Website. For more information, please see the section on Cookies below.
- We may collect information about you from our business partners and other service providers, including Personal Data (e.g., contact information such as emails and general information associated with your IP or device), to help to operate our Website, for marketing purposes or for improving your experience on the Website.
- We may collect statistical and other aggregated data related to your use of the Website or as well as information on Website usage patterns. This information is collected and used as Non-Personal Data.
How we use information
- We may use information in the following ways:
- To administer and improve our Website, products and services;
- Track user movements around the Website;
- Deliver relevant Website content, marketing and promotions;
- Generate reports related to how people access and use our Website and services;
- Respond to inquiries and requests;
- For compliance purposes;
- If we determine in good faith that the information is required by law in order to prevent, investigate, or take action regarding illegal activities.
To the extent required under applicable data processing laws and regulations, any Personal Data that we collect may be stored in our database and will be used in accordance with such applicable laws and regulations.
How we disclose information
- We may disclose the information we collect for the following purposes:
- In response to legal process, court orders, subpoenas;
- To establish or exercise our legal rights or defend against legal claims;
- For the purpose of providing and operating the Website, we may disclose information to trusted third party partners for the purpose of providing Website related services to us (e.g., service hosting, marketing, advertising, analytics and security);
- In the conduct of our business, we may go through a business transaction involving some or all of our assets, such as a sale, merger, reorganization or bankruptcy proceeding; information collected from users of the Website, including Personal Data, could be transferred as part of such a transaction or in contemplation thereof;
- We may request your permission to disclose your information in other ways where you have given your consent;
Cookies
- A cookie is a piece of data sent from a website while the user is browsing that is stored on a user’s hard drive to maintain information about the user’s browsing activity. We use cookies to enhance the user experience and improve our Website, including by means such as storing preference information. We may also use cookies to track and monitor usage of the Website for the purposes of marketing and operational improvements.
Signifyd’s Website uses both “session” and “persistent” cookies. “Session cookies” are created and stored temporarily while the user browses and are deleted from the device when the browser is closed. “Persistent cookies” are saved on the user’s device for a fixed period and become active when they visit the Website.
Users located in the EU will receive a pop-up notification informing them that cookies are operating on our Website. Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored. See your browser settings for more information.
Interest based online advertising
- We may work with third parties who collect information on our Website and elsewhere on the Internet through the use of cookies and similar methods in order to serve you with relevant advertisements on other online services or to determine that you have seen our advertisements on other online services and for related advertising retargeting purposes. This is called interest-based advertising. If you are interested in information about interest based advertising and the choices you have, you can visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link.
We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms automatically transmitted by web browsers.
Our use of third-party interest based advertising services may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers and usage information) in a way that may be considered a “sale” or the “sharing”/“processing” of Personal Data for purposes of online targeted advertising. To opt out of these activities, please use the “Your Privacy Choices” link on the footer of the Website.
Email communications
- You have the ability to opt out of receiving promotional communications from Signifyd at any time. You can opt out by either changing your email preferences, using the link provided at the bottom of each email message, or by contacting us at [email protected]. You may not opt out of administrative emails (for example, emails about your transactions or legal notices).
Links
- Our Website may have links to the sites of third party companies (e.g. a joint webinar or white paper offering). We are not responsible for any information you provide to a third party, including through any third party website linked on our Website. We encourage you to read the privacy policies of those companies for more information about how they process your information.
How we safeguard data
- We implement industry standard measures to reduce risks caused by the potential loss of information, unauthorized access, or use of information. However, no measure can provide absolute information security and we cannot provide protections beyond what is within our reasonable control.
How long we retain data
- We retain Personal Data for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by applicable law.
Information for residents of the European Economic Area
- Data transfers
We may transfer Personal Data outside of your country of residence, including to the United States and other countries where we and our third-party service providers operate. Where we do so, we comply with applicable laws in relation to such transfer. By using the Website, you acknowledge that such transfers will occur.
- EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
Signifyd complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Signifyd has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Signifyd has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the Data Privacy Framework, Signifyd commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Signifyd at [email protected]. Signifyd has further committed to refer unresolved complaints to the American Arbitration Association (“AAA”), an alternative dispute resolution provider located in the United States, which could reach a binding decision. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit AAA for more information or to file a complaint. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed here.
Your information rights
- Depending on your jurisdiction of residence, you have certain rights with respect to your Personal Data, which may include the right to:
- Access the Personal Data we have about you,
- Correct any Personal Data we hold about you that may be inaccurate,
- Request that we delete your Personal Data,
- Restrict or object to the processing of your Personal Data,
- Transfer Personal Data to another organization (subject to certain conditions) and
- Withdraw your consent to us processing your Personal Data, where consent was previously provided and was the legal basis on which we relied for our processing of Personal Data
If you request these rights, we may need to verify your identity for security and to prevent fraud.
To exercise these rights, please click here to access the Data Subject Access Request form or email us at [email protected].
Please note, however, that certain information may be exempt from such requests, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.
Information for California Residents
- If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of Personal Data (statutorily called “Personal Information”) we collect; and (2) the categories of third parties to which we (a) disclose such Personal Data for a business purpose, (b) “share” Personal Data for “cross-context behavioral advertising,” and/or (c) “sell” such Personal Data. Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s Personal Data obtained from the consumer’s activity across websites and “selling” is defined as the disclosure of Personal Data to third parties in exchange for monetary or other valuable consideration.
Categories of Personal Data collected and disclosed
The table below describes the categories of Personal Data we may have collected from you in the past twelve months and the categories of third parties to whom we may disclose such Personal Data for a business purpose.
Categories of Personal Data collected Purposes of use Categories of third parties to whom the business discloses Personal Data Identifiers - Business Operations
- Customer Service
- Legal Purposes
- Communication with you
- Affiliates
- Third Party Service Providers
Marketing Information - Business Operations
- Communication with you
- Affiliates
- Third Party Service Providers
Financial/Commercial Information - Business Operations
- Customer Service
- Legal Purposes
- Communication with you
- Affiliates
- Third Party Service Providers
- Data Enrichment Providers
Internet Network or Device Information - Business Operations
- Customer Service
- Legal Purposes
- Communication with you
- Affiliates
- Third Party Service Providers
For more information about each category of Personal Data, purpose of use and third parties to which we disclose Personal Data, please see the “Information We Collect,” “How We Use Your Information,” and “How We Disclose Your Information” sections of this Notice.
CCPA Rights. This section describes the rights that California Residents have and explains how to exercise those rights.
Right to Know About Personal Data Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your Personal Data over the past 12 months. Once we receive and confirm your verifiable consumer request and subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
- The categories of Personal Data we collected about you
- The categories of sources from which the Personal Data is collected
- Our business or commercial purpose for collecting or selling that Personal Data
- The categories of third parties with whom we share that Personal Data
- The specific pieces of Personal Data we collected about you
Right to Request Deletion or Correction. You have the right to request that we delete any of your Personal Data that we collected from you and retained, or correct Personal Data that is inaccurate, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete or correct your Personal Data. However, we may deny a deletion request if retaining the information is necessary for us in order to perform certain actions permitted by applicable law, specifically such as detecting data security incidents or protecting against fraudulent or illegal activity. Therefore, we may retain your Personal Data despite such requests. We may also deny a correction request if the information we have about you is already accurate.
Exercising Access, Correction and Deletion Rights. To exercise the access and deletion rights described above, please click here to access the Data Subject Access Request form or email us at [email protected].
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. In addition, you should provide sufficient information (including, at minimum, your name, address and e-mail address) that allows us to reasonably verify that you are the person about whom we collected the Personal Data or an authorized representative.
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
Sale/Sharing of Personal Data: our use of third-party interest based advertising services may result in the disclosure of online identifiers (e.g. cookie data, IP addresses, device identifiers and usage information) in a way that may be considered a “sale” or “sharing” under the CCPA. To opt out of these activities, please use the “Your Privacy Choices” link on the footer of the Website. Please review our section on Interest Based Advertising for more information.
If we ever offer any financial incentives in exchange for your Personal Information, we will provide you with appropriate information about such incentives.
Sensitive Personal Data: the CCPA also allows California Residents to limit the use or disclosure of “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.
Non-Discrimination. We will not discriminate against you for exercising any of your legal rights.
Retention of Your Personal Information. Please see the “Retention” section above.
California “Shine the Light” disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of Personal Data (as defined in the Shine the Light law) to third parties for their own direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose Personal Data to third parties for their own direct marketing purposes.
Children
- Our Website is not directed to children or under the age of 16 and we do not knowingly collect Personal Data from children under the age of 16. If we learn that we have collected Personal Data from a child under the age of 16 on our Website, we will delete that information as quickly as possible. If you believe that we may have collected any such Personal Data on our Services, please notify us at [email protected].
Updates to this Notice
- We reserve the right to amend this Notice, from time to time, in our sole discretion. When we do, we will also revise the “last updated” date at the beginning of this Notice. The most current version of this Notice will always appear on our Website. The continued use of our Website after such changes will mean that you accept the revised Notice. We encourage you to periodically review this Notice to stay informed about how we collect, use and disclose Personal Data.
Contacting us
- If you have any questions, comments or concerns about this Notice, or if you would like to exercise your rights in relation to your Personal Data, please contact us using the following contact information:
Signifyd, Inc.
Attn: Signifyd Privacy Issues
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415Please note, the role and department responsible for compliance with the obligations under this Notice is:
Data Protection Officer
Signifyd, Inc.
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415You may contact our European Local Representative as required under Art. 27 GDPR as follows:
Managing Counsel
Signifyd, Inc.
Buzón 109
C/ Pizarro 20 — Local
28004 Madrid