Privacy Policy

Effective Date: 7/29/21

Overview

In this overview, we summarize the personal information we collect and how we use it, which is further explained in our Privacy Policy below.  Keep in mind that the actual personal information we collect and how we use it, varies depending upon the nature of our relationship and interactions with you.  Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal information.

Categories of personal information collected. Generally, we collect the following types of personal information:

  • Identifiers: includes direct identifiers, such as name, username, account name, address, phone number, email address, online identifier, IP address, or other similar identifiers.
  • Customer records: includes personal information, such as name, signature, contact information, and payment information, that individuals provide us in order to purchase or obtain our products and services.
  • Commercial information: includes records products or services purchased, obtained or considered, or other purchasing or use histories.
  • Usage data: includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites and services, and our marketing emails and online ads.
  • Geolocation data: includes precise location information about a particular individual or device.
  • Audio, video and electronic data: includes audio, electronic, visual, thermal, olfactory, or similar information and call recordings (e.g., of customer support calls).
  • Professional information: includes professional and employment-related information, such as current and former employer(s) and position(s) and business contact information.
  • Protected Classifications: includes characteristics of protected classifications under applicable laws, such as disability information that we may collect under certain circumstances in order to make accommodations available.
  • Inferences: includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, behavior or other characteristics. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads.

Use of personal information. In general, we may use and disclose the personal information we collect for the following business and commercial purposes:

  • Operating Sites and Services and providing related support
  • Responding to requests
  • Analyzing and improving the Sites, our Services, and our business
  • Personalizing experiences
  • Advertising and marketing
  • Protecting our legal rights and preventing misuse
  • Complying with legal obligations
  • Related to our general business operations

If you are a California resident, please be sure to review the section “Additional information for individuals in certain jurisdictions” below for important information about our privacy practices and your rights under California privacy laws, including your right to submit a Do not sell my personal information” request.

You can review more detailed information about our privacy practices and your rights and choices below in our Privacy Policy, which is organized into the following sections:

I. Introduction and scope

This Privacy Policy (“Policy”) explains how Identity Fusion, Inc. and the companies, which Identity Fusion, Inc. owns or controls (“Identity Fusion”, “we”, “our” or “us”) process (e.g., collect, use, store, disclose, delete, or otherwise process,) your personal information (as defined under applicable privacy laws). This Policy applies to personal information that we obtain about our customers and users of our websites (“Sites”), and the services available through our Sites (together, the Sites and the services available therein are the “Services”). Below we explain how we collect, use, and share information about you, along with the rights and choices that you have with respect to that information.

Applicable terms. Your use of our Services, and any dispute over privacy, is subject to this Policy, the respective terms of service (the “Terms”), between you and Identity Fusion, such as our Terms of Service and any other relevant agreements, which are available. The applicable Terms are incorporated by reference into this Policy, including their applicable limitations on liability and the resolution of disputes. By disclosing your personal information to us or using our Services, you understand and agree that Identity Fusion may collect, use, and disclose your personal information in accordance with this Policy and the applicable terms.

Controller and responsible party. For the purposes of the EU General Data Protection Regulation (the “GDPR”) and other relevant applicable laws (such as the UK Data Protection Act 2018 (“UK DPA”), Identity Fusion is the controller of personal information collected from you through our Services for the purpose of conducting or developing our business with you. Where we collect and process personal information on behalf of a customer in order to provide our Services to such customer, we refer to this data as “Customer Personal information.” We are a ‘processer’ or ‘service provider’ with respect to our collection and processing of Customer Personal information and will only process such Customer Personal information on behalf of the particular customer. Our customers’ respective privacy policies apply to and govern the processing of Customer Personal information.

II. What personal information we collect

The personal information that we may collect about you, broadly falls into the following categories:

Information collected directly from you or your organization:

  • Account registration: certain parts of our Services may ask you to provide personal information voluntarily: for example, we ask you to provide your contact details, including name, company name, and email address, user name and password, in order to register an account with us, purchase products/services from us, to subscribe to marketing communications from us about our products and updates, participate in promotional activities, and/or to submit inquiries to us.  If you are a customer (and authorized user) we maintain account information (to access various parts of our platform), including your organization’s application and to administer the relevant accounts. We collect, personal information such as your name, title, company or organization name, contact details (such as name, telephone number, e-mail address, sold to address, shipping address), billing address and payment information, and other information necessary to confirm that you are an authorized user of a customer (where relevant).
  • Purchases: if you choose to purchase our products or services, we ask you to provide your contact details (including name, email address, phone number, and shipping/billing address) as well as payment information. We maintain a record of your purchase history or order placed on your account.
  • Communications: if you contact us through the Services via email, or phone, or otherwise (for example, when you fill out our ‘Contact us’ form or signup for our mailing lists) with a request or inquiry, we collect your contact information, email address, and the contents of any such communication.
  • Content: if you submit comments, blogpost, ratings, and other content we maintain a copy of this content.

Automatically collected from your use of our services: we use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the services or visit the Sites, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information.  For more information, see the Cookies and similar technology section below.

Personal information collected from other sources: we may collect personal information about you from third party sources, such as business partners of our products, social media platforms, news media, public sources (including public internet websites, databases, and government sources), joint marketing partners, and third parties to whom you have expressed interest in our products and services, as well as information that you shared on social media platforms (subject to the respective platform terms and applicable laws). We may collect personal information from third parties about you to verify certain information about you or obtain additional information about you.

III. How we use information we collect

The purposes for which Identity Fusion may process personal information varies depending upon the circumstances. Generally, we use personal information for the business and commercial purposes listed below, and where the GDPR applies, we have set forth the legal bases for such processing in parenthesis (see below under A. Additional Information for EEA/UK Users for further explanation of our legal bases). Identity Fusion and service providers acting on our behalf may use information about you for the following purposes:

  • Operating our Services and support services: to provide, maintain, protect and improve our Services, develop new services, fulfill your requests, to troubleshoot, provide technical support, communicate with you about your use of our Services, perform a contract with you, process your orders and payment and for similar support services. (Legal bases: performance of our contract with you; and/or our legitimate interests)
  • Responding to requests: to respond to your inquiries and requests. (Legal basis: performance of our contract with you)
  • Improving and analyzing our Sites and Services: to conduct data analysis, audits, fraud monitoring and prevention, enhancing, improving, or modifying our Sites and Services or business, identifying usage trends, and operating and expanding our business activities. (Legal bases: our legitimate interests)
  • Promotional content and marketing: to send you advertisements and communicate about our products, services, and events we believe may be of interest to you; where required by applicable law we will obtain your opt-in consent thereto. (Legal bases: our legitimate interest; and/or consent)
  • Personalized content: to facilitate, manage, personalize and improve your online experience and send or display to you targeted ads or otherwise personalize your experience with our Services. (Legal bases: our legitimate interests)
  • Complying with legal obligations: to comply with the law or a legal obligation to which Identity Fusion is subject; including in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. (Legal bases: our legitimate interests; and/or compliance with laws)
  • Protecting legal rights and preventing misuse: to protect the Site and our business operations; to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this Policy and our applicable terms of service and agreements. (Legal bases: our legitimate interests; and/or compliance with laws)
  • Related to our general business operations: to consider and implement transfers of ownership or control of any portion of Identity Fusion to a third party, whether in the context of an acquisition, merger, reorganization, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), and where necessary to the administration of our general business, accounting, recordkeeping and legal functions. (Legal bases: our legitimate interests; and/or compliance with laws)

Aggregate, de-identified or anonymous dataIdentity Fusion also creates and uses aggregate, anonymous and de-identified data to assess, improve and develop our business, services, and products, or for similar research and analytics purposes. This data is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

 

IV. Who we share information with

We may disclose personal information about you as follows:

  • Affiliates: to our affiliates and subsidiaries whose handling of your personal information is subject to this Policy, which could include marketing to you.
  • Service providers: to our service providers, who process personal information on our behalf to help us process and fulfill your transaction or request, to satisfy a contractual obligation, to provide our services, providing customer service, and improving our products, or for other operational or business purposes.
  • Third parties: to our advertising and analytics partners, including to third parties we engage to provide advertising, campaign measurement, online and mobile analytics, and related services to us (where required by applicable laws: with your consent).
  • Users: any content you post within the Services is viewable by other users and Site visitors.
  • Legal obligations: to comply with and in response to legal process, the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena or requests from public and government authorities.
  • Protecting rights: to protect our rights where we believe it is necessary to (a) protect our operations and protect our rights, privacy, safety or property, and /or that of you or others, including to take action regarding violations of our Terms of Service or this Policy, to (b) respond to claims asserted against us or, (c) as evidence in litigation in which we are involved, to enforce our contractual rights; (d) and to allow us to pursue available remedies or limit the damages that we may sustain.
  • Business transfers: to a third party in connection with any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), or similar event, including related to due diligence conducted prior to such event where permitted by law.

Aggregate, de-identified or anonymous data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.

V. Cookies and similar technology

We, and our third-party service providers and partners, use “cookies,” pixels, java script, log files, and other mechanisms on the Sites. We use or may use the personal information collected through tracking technologies to:  (a) remember information so that you will not have to re-enter it during your visit or the next time you visit our Services; (b) provide custom, personalized content and information, including targeted content and advertising; (c) recognize and contact you across multiple devices; (d) provide and monitor the effectiveness of our Services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Services; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our Services. For more detailed information about the use of cookies on the Sites and how you can manage your cookie preferences, see our Cookie Policy and Cookie Preference Manager.

Cookies. A “cookie” is a small text file that may be used, for example, to collect information about website activity. Some cookies allow us to make it easier for you to navigate the Sites, while others are used to enable a faster log-in process or to allow us to track your activities while using the Sites.  Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our services to, among other things, track the activities users of our services, help us manage content, and compile statistics about usage of our services. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-party analytics. We also use third-party analytics providers, such as Google Analytics, to evaluate use of our Services. You can learn more about Google’s privacy practices here and opt-out here. We use these tools to gather non-personal information about users to help us improve our Sites and services, as well as user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on the Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Do-not-track signals. The Sites do not respond to do-not-track signals. You may, however, disable certain tracking (e.g., by disabling cookies).

Cookie settings. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies.  Please note that doing so may negatively impact your experience using the Services, as some features on our Services may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies, you may not be able to block non-cookie technologies or the changes to your settings may have no effect.  You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.

VI. Third party tracking and online advertising

Interest Based Advertising. We participate in interest-based advertising and use third-party ad networks and companies to serve you targeted advertisements based on your browsing history and other automatically collected information. We and these third-parties may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), such as click stream information, browser type, time and date you visited the Services, your use of third-party applications, IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s precise geolocation; we and these third-party ad companies use such information to play or display ads on our Services, on devices you may use, as well as on other third-party websites, apps or Services and to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related Services such as reporting, attribution, analytics and market research.  

Cookies. Most browsers allow you to adjust your browser settings to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Blocking or deleting cookies may negatively impact your experience using the Services, as some features and services on our Services may not work properly.   

Interest-based advertising. To learn about interest-based advertising and how you may be able to opt-out of some of this advertising, you may visit the following online resources:

Canada: www.youradchoices.ca

EU: www.youronlinechoices.eu

U.S.: www.aboutads.info and http://www.networkadvertising.org/choices

Please note that opting-out of receiving interest-based advertising through the NAI’s and DAA’s online resources will only opt-out a user from receiving interest-based ads on that specific browser or device, but the user may still receive interest-based ads on his or her other devices. You must perform the opt-out on each browser or device you use. Some of these opt-outs may not be effective unless your browser is set to accept cookies.  If you subsequently delete cookies, change your browser settings, switch browsers or computers, or use another operating system, you may need to opt-out again to reset your preferences.

Mobile advertising. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest-based ads” (Android).  You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.   

VII. International Transfers

Identity Fusion is located in the US and we have offices and service providers that are located in the United States and other jurisdictions. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

Users in the European Economic Area (EEA) and United Kingdom (UK). If you are in the EEA or the UK, and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). To obtain additional details of the mechanism under which your personal data is transferred outside of the EEA; you may request such details by contacting us as set forth in the Contact us section below.

VIII. Social media features

Identity Fusion provides social media features that enable you to share information with your social networks and to interact with Identity Fusion on various social media sites. These providers may recognize you and collect information about your visit to our Services, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies. We encourage you to review the privacy policies and settings on the social media sites you use to interact to make sure you understand the information that may be collected, used, and shared by those sites. You may disable these features at any time.

IX. Security

We take reasonable measures to help protect personal information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. However, we cannot guarantee 100% security and you transmit such information at your own risk. Please note, that you are responsible for all actions taken with your User ID and password, if any. Therefore, we recommend that you do not disclose your password to anyone. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf.

X. Your choices and rights

Marketing choices. If you would like to unsubscribe from Identity Fusion’s email subscriptions or otherwise change your email preferences with us, you may opt out of direct marketing emails at any time by sending a request to marketing@identityfusion.com or follow the unsubscribe instructions in any promotional email that we send to you. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages. Where required by law we will obtain your consent prior to sending you direct marketing communications.

Accessing and updating personal information. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information, please send your request to privacy@identityfusion.com. We will review your request and make reasonable efforts to respond to it as soon as practicable. To guard against fraudulent requests for access, Identity Fusion reserves the right to verify your identity by requiring sufficient information to allow it to confirm the identity of the party making the request before granting access or making corrections. You may also log into your account to update or change certain of your personal information changes. Identity Fusion reserves the right to decline requests to access or delete personal information if and to the extent disclosure or deletion of the information requested is not required or permitted by applicable law.

Additional information for certain jurisdictions. In the section “Additional Information for Individuals in Certain Jurisdictions” below, we provide additional information as required under California privacy laws, as well as the GDPR and UK DPA.  Users in California, the EEA and the UK should review this section for more information regarding their rights under these respective laws.

XI. Retention

We retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Statement or otherwise upon collection of your personal information, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.

XII. Children

Our Sites are not targeted at children and we do not knowingly collect information from children under age 16. If you believe we have unintentionally collected such information, please notify us as set out in the Contact us section below.

XIII. Updates to this Policy

We may update this Policy from time to time. When we make changes to this Policy, we will change the Effective Date above. If we make material changes to this Policy, we will endeavor to notify you, for example by emailing a Policy to the primary address we have on file for you or by posting a Policy on the Site, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided. We encourage you to periodically review this Policy for the latest information on our privacy practices.

XIV. Contact us

If you have any questions or requests in connection with this Privacy Statement or other privacy-related matters, please send an email to privacy@identityfusion.com.

XV. Additional Information for individuals in certain jurisdictions 

A. Additional information for EEA/UK users

Purposes and Legal Bases of Use. The GDPR, requires that we inform you of the legal bases for our processing of your personal information.  Pursuant to the GDPR, we process personal information for the following legal bases:

  • Performance of contract: as necessary to enter into or carry out the performance of our contract with you.
  • Compliance with laws: for compliance with legal obligations and/or defense against legal claims, including those in the area of labor and employment law, social security, and data protection, tax, and corporate compliance laws.
  • Our legitimate interests: in furtherance of our legitimate business interests, which are not overridden by your interests and fundamental rights, including:
    • Performance of contracts with customers and other parties
    • Implementation and operation of global support (e.g., IT) services for our business operations
    • Improving our Sites, Services and similar purposes
    • Customer relationship management and improving our Sites and Services, including other forms of marketing and analytics
    • Fraud detection and prevention
    • Physical, IT, and network perimeter security
    • Internal investigations
    • Actual or potential mergers, acquisitions, and reorganization, and other business transactions
  • With your consent: where we have your consent the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent at any time. You may withdraw your consent at any time using the contact details set out in the Contact us section.

In addition, we may process your personal information where necessary to protect the vital interests of any individual.

Your GDPR Rights. Below, we inform about other rights, including the GDPR and similar applicable laws, that may apply to you if you are in the EU/EEA/UK. Subject to the conditions set out in the applicable law, individuals in the EU/EEA/UK have the following rights regards our processing of their personal information:

  • Right of access: you can ask us to confirm whether we are processing your personal information; give you a copy of that information; provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your information from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
  • Right to rectify and complete personal information: you can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
  • Right of erasure: you can ask us to erase your personal information, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
  • Right of restriction: you can ask us to restrict (i.e., keep but not use) your personal information, but only where: its accuracy is contested, to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Right to object to our use of your personal information for direct marketing purposes: you can request that we change the way we contact you for marketing purposes. You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
  • Right to object: you have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
  • Right not to be subject to automated decision-making: you have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us.
  • Right to portability: you can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Right to withdraw consent: you can withdraw your consent in respect of any processing of personal information which is based upon a consent which you have previously provided.
  • Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA/UK. We may redact data transfer agreements to protect commercial terms.
  • Right to lodge a complaint with your local supervisory authority: you have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.

For more information about our privacy practices, you may contact us as set forth in the Contact us section above.

 

        B. Additional information for California residents

This section applies to you if you are a resident of the state of California.  California law requires us to disclose certain information regarding the categories of personal information we collect. For purposes of this section, “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”). This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA. This section does not apply to personal information we collect when we are acting as a “service provider” to process information in accordance with a contract with our business customers.

Collection and use of personal informationThe personal information we collect from and about you varies based upon our relationship with you.  For example, we use personal information to fulfill your requests, process your transactions and provide our Services to you; to communicate with you; for marketing and advertising purposes; to monitor, improve, and develop our products and Services; and to protect the security and integrity of our business, comply with legal requirements and obligations; for our business and operational purposes; and as otherwise permitted or required by law.

The table below identifies the categories of personal information (as defined by the CCPA) we have collected about consumers within the last 12 months, as well as how we have disclosed such information for a business purpose. For more information about the business and commercial purposes for which we collect, use and disclose personal information, please refer to the sections of this Policy further above titled “What personal information we collect“ and “How we use information we collect.”

 

 

Personal information collected

Categories of third parties to whom we may disclose this information

Categories

Description

Identifiers

Includes direct identifiers, such as includes direct identifiers, such as name, username, account name, address, phone number, email address, online identifier, IP address, or other identifiers.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

•  advertising networks

•  data analytics providers

•  social networks

•  internet service providers

•  operating systems and platforms

•  business customer/client

Customer records

Includes personal information, such as name, signature, contact information, and payment information, that individuals provide us in order to purchase or obtain our products and services.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  our affiliates and subsidiaries

•  business partners who provide services you request

Commercial information

Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

•  advertising networks

•  data analytics providers

•  social networks

•  internet service providers

•  operating systems and platforms

•  data brokers

•  business customer/client

Usage Data

Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, mobile apps [and other Services, and our marketing emails and online ads.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

•  advertising networks

•  data analytics providers

•  social networks

•  internet service providers

•  operating systems and platforms

Audio, video and electronic data

Includes audio, electronic, visual, thermal, olfactory, or similar information such as, thermal screenings and , photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls).

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

Professional information

Includes professional and employment-related information such as business contact information and professional memberships.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

Protected classifications

Includes characteristics of protected classifications under applicable laws, such as disability information and medical conditions provided by you when you register for events and other activities.

•  service providers

•  advisors and agents

•  government entities and law enforcement

•  affiliates and subsidiaries

Inferences

includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, behavior or other characteristics. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads.

•  service providers  

•  advisors and agents

•  government entities and law enforcement

•  our affiliates and subsidiaries

•  analytics providers

While we do not “sell” personal information to third parties in exchange for monetary compensation, we may, as is common practice among companies that operate online, disclose or make available certain categories of personal information to third-party advertising networks, social media companies and other third-party businesses in order to receive certain benefits or services, such as when we make browsing information available to third-party ad companies (through third party tags on our Sites) in order to improve and measure our ad campaigns and reach users with more relevant ads and content. As defined by the CCPA, we may “sell” Usage Data and Identifiers to third party advertising networks, social networks and data analytics providers. These third-party businesses may use such information for their own purposes in accordance with their own privacy statements, which may include reselling this information to additional third parties, including other advertising networks. To learn more, please see the “Third party tracking and online advertising” section of our Policy further above.

Sources of personal information. As further described in the “What information we collect” section above, we may collect personal information from the following sources:

  • Our enterprise customers
  • Business Partners and Affiliates
  • Directly from the individual
  • Advertising networks
  • Data analytics providers
  • Social networks
  • Internet service providers
  • Operating systems and platforms
  • Publicly available sources

Your California rights and choices.  As a California resident, you may be able to request to exercise the following rights:

  • The right to know: with respect to the personal information we have collected about you in the prior 12 months, to require that we disclose the following to you (up to twice per year, subject to certain exemptions, and upon verification of your request and identity):
    • The categories of personal information we have collected about you
    • The categories of sources of the personal information
    • The categories of personal information that we have disclosed to third parties for a business purpose or sold
    • The categories of third parties to whom we have disclosed for a business purpose or sold the categories of personal information
    • A copy of the specific pieces of personal information we have collected about you
    • The business or commercial purposes for collecting or selling the personal information
  • Right of deletion:(without charge) of personal information we have collected from you, subject to certain exceptions.
  • Do-not-sell (opt-out): California residents have the right to opt-out of our sale of their personal information. While we may “sell” personal information as defined by the CCPA, we do not sell personal information about California consumers who we know are younger than 16 years old. 

You also have the right not to be subject to discrimination for exercising above rights. However, please note that if the exercise of these rights may limit our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.

Submitting verifiable requests.  You may submit a request to know or request to delete:

  • online here
  • via our toll-free number at +1 844-726-5666
  • by emailing privacy@identityfusion.com with the subject line “California Rights Request: California Consumer Rights”

You may also submit a Do-Not-Sell request on our websites by clicking the “Do Not Sell My Info” link in the footer of our website; and by adjusting your Cookie Preferences. Click the cookie settings button in our website footer here.

When you submit a request to know or delete, we will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one.  In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law. Authorized agents may initiate a request on behalf of another individual by contacting us as set forth in the Contact us section above; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

California’s “Shine the Light” law.  California's "Shine the Light" law (Civil Code Section §1798.83) provides certain rights to California residents free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing purposes; such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year (e.g., requests submitted in 2020 would be applicable to relevant disclosures (if any) in 2019). If you are a California resident and would like to make such a request, please submit your request in writing by emailing us at privacy@identityfusion.com using the subject line "Request for California STL Information." In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address from which you submitted your request. Please note that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.

For more information about our privacy practices, you may contact us as set forth in the Contact us section further above.