法律隐私和安全
Riskified 尊重我们网站(网址:https://riskifiedchina.cn,下称“网站”)用户的隐私,并致力于保护从网站用户(下称“用户”或“您”)处收集和/或网站用户披露的信息。本网站隐私政策(下称本“政策”)说明了 Riskified Ltd. 代表我们自己和我们的关联公司(下称“Riskified”、“我们”或“我们的”)关于使用网站的隐私做法。
我们收集的信息
在过去 12 个月中,我们收集了下列类别的信息,并将继续收集此类信息。此类信息直接从您处、通过您在网站上的浏览会话以及通过第三方收集。我们使用此类信息来改进我们的服务,如下所述。
Riskified 在我们网站上的几个不同位置收集用户的信息。您在网站注册、请求支持、参与促销活动或与我们互动(例如通过“联系我们”选项)时,我们可能会从您处收集个人数据,如用户名、地址、联系信息和其他个人身份信息,并储存在我们的数据库中。如果您不向我们提供要求的信息,我们可能无法向您提供您请求的信息/服务。注册用户可能需要使用用户名和密码来访问其信息。
在您使用网站时,我们可能会使用 Cookie 或其他在线技术自动收集个人数据。这可能包括互联网流量数据,如用户的 IP 地址、域服务器、计算机类型、网络浏览器类型、您在网站上的浏览会话(例如,访问的页面和点击的链接)、您访问的推荐来源和网站导航路径以及您在网站上的互动。此类信息有助于我们运营网站、营销或改善用户的网站体验。
我们还可能从我们的业务合作伙伴和其他服务提供商处收集关于您的信息(包括个人数据,例如联系信息,如电子邮箱以及与您的 IP 地址或设备相关的一般信息),从而帮助我们运营网站、营销或改善您的网站体验。
我们还可能收集与您使用网站或网站上的服务相关的统计数据和其他汇总数据,以及有关网站使用模式的信息。此类信息作为非个人身份信息予以收集和使用。
我们使用这些信息的方式以及我们共享信息的对象
我们使用所收集的信息来分析趋势、管理网站、改进我们的服务、跟踪用户在网站上的行动轨迹,以及收集有关我们的用户群体的人口统计信息。我们还使用所收集的信息来回应您的请求并与您联系。我们编译和储存所收集的信息,以生成与我们的用户对我们网站和服务的访问及使用相关的报告。在遵守适用法律要求的前提下,我们可能使用所收集的特定信息来个性化和交付直接向您推送的营销内容,并衡量其有效性。
在适用数据处理法律法规要求的范围内,我们收集的任何个人数据都可能储存在我们的数据库中,并根据适用法律法规使用。
我们不会与/向第三方共享、分发、出售或出租您的任何个人数据,除非是为了协助我们开展上述活动以及在下列情况下(这些情况下,我们可能会使用我们收集的信息):
- 法律要求提供信息,以防止、调查非法活动或采取相关行动;
- 回应法律程序、法院命令、传票;
- 为了证明或行使我们的合法权利或抗辩法律索赔;
- 为了提供和运营网站,我们可能会与可信赖的第三方合作伙伴共享信息,以便向我们提供与网站相关的服务。我们会要求这些第三方遵守本隐私政策,或提供保护程度不低于本政策的隐私政策。
- 我们也可能请求您允许以其他方式使用您的信息。此类使用须征得您的同意。
- 如果法律要求,由此类第三方进行的任何数据处理将受采用法律要求形式的数据处理协议的管辖,以保护您的法定数据保护权。
- 如发生业务转让:在开展业务过程中,我们可能会经历诸如出售、合并、重组或破产程序等商业交易。从网站用户处收集的信息(包括个人数据),可能作为此类交易的一部分进行转让。通过网站提交您的个人数据,即表示您同意在此类情况下您的信息可能会被转让给第三方。
Cookie
Cookie 是用户浏览时网站发送的一段数据,储存在用户的硬盘上,其中包含用户的信息。我们使用 Cookie 改善用户体验、改进我们的服务,包括储存密码或偏好信息等方式。我们还可能使用 Cookie 跟踪和监控网站的使用情况,以便进行营销和改进运营。
Riskified 网站同时使用“会话”Cookie 和“持久”Cookie。“会话 Cookie”在用户浏览时临时创建、临时储存,并在浏览器关闭时从设备中删除。“持久 Cookie”在用户设备上保存一段固定的时间,并在用户访问网站时运行。
欧盟用户会收到一个弹出通知,通知他们 Cookie 正在我们的网站上运行。大多数浏览器允许您从计算机硬盘上删除 Cookie、拒绝接受 Cookie,或者在储存 Cookie 之前向您发出警告。
基于兴趣的广告
我们可能会与通过使用 Cookie 和类似方法在我们的网站和其他地方收集信息的第三方合作,以便在其他服务中为您提供相关广告,或确定您在其他服务中看到了我们的广告,并用于其他重新定向目的。如果我们无法评估您对“禁止跟踪”(简称 DNT)信号或由网络浏览器自动传输的类似机制的选择,则我们不会回应,也不会执行此类信号或机制。
电子邮件通讯
您可以随时选择拒收 Riskified 的营销信息。您可以通过更改您的电子邮件首选项或使用每封电子邮件底部提供的链接来选择拒收。如果您是注册用户,则您无法选择拒收管理性质的电子邮件(如关于您的交易或政策变更的电子邮件)。
未经许可,我们不会向任何人发送电子邮件,也不会向任何未经授权的第三方出售或出租电子邮件地址。如果您认为收到了来自我们的未经请求的电子邮件,请通过 support@riskified.com 联系我们,我们将进行调查。
数据保留
我们会保留我们通过网站收到的个人数据,保留时间不超过 48 个月,除非您要求我们删除此类信息,或者我们因提起、执行或抗辩法律索赔或遵守法律义务而需要保留更长时间。在我们决定不保留数据时,我们会将数据从我们的系统中删除,或者将数据做匿名化处理,恕不另行通知。
求职者数据
我们使用关于求职者的信息(从网站或任何其他来源处获得),比如他们的联系方式、姓名、工作经历和简历,以及招聘时需要考虑的其他信息(下称“求职者数据”)。此外,我们出于统计目的使用求职者数据,以改进我们的招聘流程。如果求职者未被某一特定职位录取,我们可能会出于内部目的使用其数据,或者未来存在我们认为可能适合他们的工作机会时向其告知。我们重视您的隐私,不会出于其他目的将您的求职者数据与其他任何人分享。求职者数据将留存 48 个月,在法律允许的情况下或将留存更长时间。如果您对自己的求职者数据和隐私方面有任何请求或疑问,请联系 legal@riskified.com。
儿童相关政策
我们不会故意向 13 岁以下或 16 岁以下(欧盟)儿童收集个人身份信息。如果父母或监护人知道其子女未经其同意便向我们提供了个人数据,则其应通过 support@riskified.com 与我们联系。如果知道上述年龄以下的儿童向我们提供了个人数据,我们会从档案中删除这些信息,除非我们在适当的情况下获得适当的同意,或除非我们因执法或法律目的而需要保留此类信息。
安全
我们遵循公认的行业标准和最佳做法来保护提交给我们的个人数据,无论是在传输期间还是在我们收到数据后。但是,由于互联网通信的性质和不断发展的技术、未经授权的进入或使用、硬件或软件故障或其他因素,用户信息的安全可能随时受到威胁。没有任何互联网传输方式或电子储存方式是 100% 安全的。我们不能保证个人数据的绝对安全,也不保证此类信息不会丢失、被第三方(尽管我们做出了努力,但此类第三方仍然获得了未经授权的权限)滥用或篡改。
隐私政策的变更和同意
在 Riskified 注册或在未事先注册的情况下使用本网站,即表示您同意本隐私政策的条款。我们有权随时变更隐私政策的条款,因此建议您定期查看。政策变更后,您继续使用网站即表示您接受本隐私政策。
链接
我们的网站可能包含那些转至其他公司的链接。我们不对其隐私做法负责。我们建议您了解这些公司的隐私政策。
关于特定地区的信息
欧盟居民
如果您是欧洲经济区、英国或瑞士或任何其他具有类似数据保护法的地区的居民,则以下条款适用于我们收集和管理您个人数据的方式。
作为数据控制者,我们依赖我们的合法权益来处理您的信息,而有时我们可能依赖您的同意、我们需要遵守法律义务或出于履行我们与您签订的合同来处理您的信息。
如果法律赋予您此等权利,您可以要求访问、更正或删除储存在我们系统中的您的个人数据。您还可以要求我们确认我们是否对您的个人数据进行处理。在遵守法律限制的前提下,您可以要求我们更新、更正或删除不准确或过时的信息。您还可以要求我们暂停使用您对其准确性存疑的任何个人数据,同时我们会验证该数据的状态。您还有权获取您直接向我们提供的个人数据,并有权将其传输给其他方。但是,如果某些信息与欺诈活动有关,或者是遵守法律义务所要求的,则我们将继续保留、使用和共享这些信息。
要行使任何上述权利,您可以通过 support@riskified.com 联系我们。在处理上述要求时,我们可能会要求提供更多信息来确认您的身份和要求。
我们的服务提供商包括在您所在地区或欧洲经济区之外的国家/地区运营的公司,其法律环境可能不符合欧盟数据保护标准。您可以选择不与这些数据源共享您的个人数据,但是,选择不共享可能会妨碍您使用网站。即使您提出了不共享数据的要求,但如果您的个人数据与欺诈活动有关,我们可能会继续保留、使用和共享某些信息,以防止非法行为。
我们可能在美国、欧盟、以色列和其他国家/地区储存并处理信息。我们还可能使用云服务来处理信息。
我们往往根据旨在提供充分数据保护的协定来处理信息。这可能包括在欧盟确定的可确保充分数据保护的国家/地区进行处理、使用合同条款范本或其他机制。您可以通过下文所述方式联系我们,获取我们用于将信息传输到欧洲经济区、英国或瑞士之外的协定。
在某些情况下,某些国家/地区法律规定的数据保护程度可能低于您所在国家/地区法律规定的程度。不过,我们会将您的信息传输到位于其他此类国家/地区内的实体,以便按本政策所述进行处理。
要行使任何上述权利,您可以通过 support@riskified.com 联系我们,或者通过 privacy@riskified.com 联系我们的数据保护官,或者通过以下方式联系我们的欧盟代表 Lionheart Squared (Europe) Ltd:riskified@lionheartsquared.eu;2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84 Ireland。在处理上述要求时,我们可能会要求提供更多信息来确认您的身份和要求。此外,您还有权向相关监管机构提起投诉,您可以在此查看相关联系方式。
加利福尼亚州居民
如果您居住在加利福尼亚州或适用法律规定了特定权利的其他司法管辖区,您对您的个人数据拥有特定权利。本部分介绍了您享有的权利,并说明可如何行使这些权利。
- 对收集、披露或出售的个人数据的知情权。您有权要求我们向您披露与我们在过去 12 个月内收集、使用、披露或出售您个人数据相关的某些信息。在我们收到并确认您的可验证消费者请求(参见“行使访问权和删除权”)之后,并在受我们在下文所述的某些限制的前提下,我们将向您披露此类信息。您有权要求下列任何或所有各项:
- 我们收集的关于您的个人数据的类别或具体部分;
- 所收集的个人数据的来源类别;
我们收集和出售此类个人数据的业务目的或商业目的; - 我们与之共享此类个人数据的第三方的类别。
- 要求删除的权利。除某些例外情况外,您有权要求我们删除从您处收集并保留的任何个人数据。在我们收到并确认您的可验证消费者请求(参见“行使访问权和删除权”)后,我们将从我们的记录中删除(并指示我们的服务提供商删除)您的个人数据。但是,我们可能会保留去除身份识别信息或汇总的个人数据。此外,如果我们需要保留此类信息以采取适用法律允许的某些行动(如检测数据安全事件或防止欺诈或非法活动),则我们可能会拒绝您的删除要求。因此,尽管有此类要求,我们仍会保留您的个人数据。
- 行使访问权和删除权。如要行使上述访问权和删除权,请发送电子邮件至 support@riskified.com,向我们提交要求。
只有您本人或者您授权代表您行事的在加州州务卿办公室注册的个人或业务实体(下称“授权代理”)才能提出上述要求。您也可代表您的未成年子女提出要求。
要求中应包括您的联系方式,并充分详细地描述您的要求,以便我们能够正确理解、评估和回应。此外,您应提供足够的信息(至少包括您的姓名、地址和电子邮箱),以便我们以合理方式验证您是我们收集个人数据的对象或其授权代表。
我们将合理及时地回应消费者的要求。如果我们需要更多时间来做出回应,则我们会将原因和延长期限以书面方式通知您。
为了保护您个人数据的安全,如果我们无法验证您的身份或提出要求的权利,也无法确认个人数据是否与您相关,则我们不会执行您的要求。验证您身份所采用的方法随要求的性质而异。一般而言,验证将由第三方服务提供商进行。
我们披露的范围只会涵盖我们收到您要求之前的 12 个月。在 12 个月内,我们没有义务将上文“对收集、披露或出售的个人数据的知情权”中所述的信息提供两次以上。
我们不会就处理或回应您的可验证消费者请求收取费用,除非该要求过度、重复或明显缺乏依据。如果我们确定此类要求需要付费,我们会向您告知我们做出决定的原因,并在执行您的要求之前向您提供费用估算。
不出售个人数据。我们不会“出售”(“出售”的定义见适用法律)信息。
不歧视。我们不会因您行使任何合法权利而歧视您。
中国居民
如果您是中国居民,则以下条款适用于我们收集和管理您个人数据的方式。
如果法律赋予您此等权利,您可以要求访问、更正或删除储存在我们系统中的您的个人数据。您还可以要求我们确认我们是否对您的个人数据进行处理。在遵守法律限制的前提下,您可以要求我们更新、更正或删除不准确或过时的信息。您还可以要求我们暂停或拒绝使用您对其准确性存疑的任何个人数据,同时我们会验证该数据的状态。您还有权获取您直接向我们提供的个人数据,并有权将其传输给其他方。但是,如果某些信息与欺诈活动有关,或者是遵守法律义务所要求的,则我们将继续保留、使用和共享这些信息。如果您对本隐私政策有任何疑问,您也可以要求我们作出相应的解释。
要行使任何上述权利,您可以通过 privacy@riskified.com 联系我们。在处理上述要求时,我们可能会要求提供更多信息来确认您的身份和要求。
如果我们将您的个人信息从中国传输到其他国家/地区,我们将根据中国的适用数据保护法律来采取措施。
最近更新日期:2021 年 1 月 11 日
Services Privacy Policy
Riskified provide online merchants (each, a “Merchant”) with services that help merchants optimize their e-commerce experience, including by preventing fraudulent online transactions, preventing account takeover, offering consumers an alternative payment method and increasing payment authorization (the “Services”). Merchants integrate our Services on their websites and mobile apps where consumers like you place orders (collectively, the “Merchant Website”). After you place an order, the Merchant Website may request that we process your personal data to provide our services.
This Privacy Policy (“Policy”) explains the privacy practices of Riskified Ltd., on behalf of ourselves and for the benefit of our affiliates (“Riskified”, “we”, “our”, or “us”) for our Services. It describes how we collect, use and share personal data, and the rights and options available to you with respect to your information.
You are not obligated by law to provide us with your personal data, but the Merchant Website may require that you provide us with your personal data to enable the processing of orders you place. Please note that this Policy does not cover the practices or policies of Merchants, the Merchant Website, or other parties.
INFORMATION WE COLLECT
During the past 12 months we have collected the categories of information listed below, and anticipate that we will continue to collect such information. This information is collected directly from you, from Merchants, from our service providers, from publicly available sources and through the Merchant Website and is used by us to provide Services for our merchants, to improve those services and as otherwise described in Use of Collected Information below.
Transaction data. When you place an order with a Merchant Website, we collect various data regarding your transaction, which may include personal data, such as your name, email, address, the items you purchased, price paid, shipping information, and (if you have one) basic information from your account on the Merchant Website. We also collect basic information about your payment and billing method. We do not collect or keep your complete credit card number.
Device data. We collect information about the personal computer or mobile device you use to access the Merchant Website. This includes the device model, operating system, unique identifiers, browser type, mobile network information, and the Internet Protocol (IP) address through which you accessed the Merchant Website.
Geo-location data. If you use the mobile app of a Merchant Website, we collect your geo-location when you are actively using the app. If you use the Merchant website, we collect your city-approximate geo-location.
Analytical data. We collect analytical data about your use of the Merchant Website. For example, we collect the frequency of your access to the Merchant Website, the time you spend accessing the Merchant Website, when you scroll, as well as any events sent to a behavioral tracking service, the pages that referred you to the Merchant Website, as well as the pages and items on the Merchant Website that you viewed or interacted with.
Cross-references. We also cross-reference, verify, and enhance the accuracy of the data outlined above using third-party online sources such as search engines, social networks, white pages, and mapping services. If you have provided the Merchant with access to information of third-party platforms, (including social networks), we may also receive the same access permissions to the information that you made public.
Inquiries. If you contact us for questions or complaints, we will collect the information related to your inquiry and to verify your identity. This may include your name, email address, postal address, telephone number and other contact information, depending on the nature of your inquiry.
USE OF COLLECTED INFORMATION
When a Merchant asks us to review an order you place on a Merchant Website, we review the data of your activities across all the Merchant Websites of our Merchants as well as any other data collected. We use this data to provide the Merchant a fraud analysis indicating whether or not the order is, in our assessment, a fraudulent online transaction. It is then at the discretion of the Merchant (not Riskified) to accept or decline your order.
We also use the information we collect for the following purposes:
- Improving and enhancing Services and developing new services;
- Statistical analysis of consumers’ activities;
- Handling your requests and complaints;
- Enforcing this Policy and preventing misuse of the Services;
- Taking any action in any case of disputes involving you, in relation to the Services; and,
- Any other action that may be mandated by law or undertaken to protect our legal rights and property and/or those of third parties.
SHARING INFORMATION COLLECTED
We may share the information outlined in this Policy with others, in the following instances:
With our third-party service providers
We use service providers to assist us in providing the Services. We only share with them the limited elements of the personal data we collect which are strictly necessary for them to provide us with their service. These service providers include data sources, such as white pages, data providers, and mapping services and other similar services. We do this in order to cross-reference, verify, and enhance the accuracy of the data that we collect. Some of these service providers may use the data we share with them for their own permitted purposes, in accordance with their own terms and policies subject to applicable law, such as Google’s Privacy Policy and Terms of Service.
With the Merchant
We may share limited elements of your personal data with the Merchant from whom you made your transaction was made. This information sharing will be for the purpose of reviews, audits or dispute handling or responding to your request for access to your personal data.
With Our Partners
Riskified partners with certain entities, such as banks, card networks, and/or payment gateways, and may provide them with elements of your personal data in order to optimize order approval.
When required for Legal Purposes
We may share your personal data with third parties if we believe it is required by law or for the purpose of exercising legitimate legal rights. For instance, it could be necessary to share your data in order to comply with legal proceedings, to protect or exercise the legal rights of Riskified or our Merchants, or to respond to lawful requests.
With Corporate Group Entities or in a Business Transfer
We may share your personal data with our corporate group entities but their use of such information must comply with the Policy. Your data may also be shared if the operation of the Services is organized within a different framework or through another legal structure or entity, such as due to a merger or acquisition.
Non-Personal Data
We may use the information we collect to compile aggregated, anonymized, or de-identified information. We may share de-identified or aggregated information with any number of parties.
With you
We may share the data we possess about you with you upon your verifiable request or with other parties at your direction. We may contract with one or more vendors in order to verify your identity. In order to submit a request, please email support@riskified.com.
Transfer of Data Outside Your Territory
We may store and process information in the US, the EU, Israel, and in other countries. We may also process information using cloud services.
We frequently process information under arrangements aimed at providing an adequate level of data protection. This may include processing in countries that the EU has determined maintain adequate data protection, the use of model contract clauses, or other mechanisms. You may contact us as noted below to obtain a copy of the arrangements we use to transfer information outside of the European Economic Area, the UK, or Switzerland.
In certain cases the laws in some of these countries may nevertheless provide a lesser degree of data protection than the laws of your own country. However, we will transfer your information to entities within other such countries for the purpose of processing as described in this Policy.
LOCATION SPECIFIC INFORMATION
Residents of the European Union
If you are a resident of the European Economic Area, the UK or Switzerland, or any other territory with similar data protection laws, the following section is applicable to how we collect and manage your personal data.
- As a data controller we rely on our legitimate interests to process your information, including the use of our service providers assisting us to deliver the Services. We may also receive your explicit consent through the Merchant Website. The Merchant Website relies on their own valid legal basis for processing your information, which may be in the form of consent, legitimate interest or execution of a contract.
- The Merchant Website may, at its own discretion, use Riskified’s Services to make a decision on whether to accept or decline your order based solely on automated processing. It may do so if you have given your consent, if needed to enter into or perform a contract, or if authorized by law. Please direct inquiries concerning approval of your order based solely on automated means to the Merchant Website.
- If the law grants you such rights, you may ask to access, correct, or delete your personal data that is stored in our systems. You may also ask for our confirmation as to whether or not we process your personal data. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any personal data that you contest the accuracy of, while we verify the status of that data. You may also be entitled to obtain personal data that you directly provided us and have the right to transmit it to another party. However, we will continue retaining, using and sharing certain information if it is associated with fraudulent activity or to comply with legal obligations.
- Several of our data sources are companies operating in countries outside of your local territory or the European Economic Area, in legal environments that may not be adequate by EU data protection standards. You may opt out of having your personal data shared with those data sources. However, opting out may prevent us from providing Services and, as a result, may prevent you from using the Merchant Website. Irrespective of requests to opt out, if your personal data is associated with fraudulent activity we may continue to retain, use and share certain information, in order to prevent unlawful practices.
If you wish to exercise any of these rights, you can contact us at: privacy@riskified.com, or our EU representative, Lionheart Squared (Europe) Ltd, at riskified@lionheartsquared.eu; 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84 Ireland. When handling these requests, we may ask for additional information to confirm your identity and your request. In addition, you may also have the right to submit a complaint with the relevant supervisory authority – you can find the relevant contact details here.
Residents of California
If you reside in California or other jurisdictions where such rights are provided by applicable law, you have specific rights regarding your personal data. This section describes the rights that you have and explains how to exercise those rights.
- Right to Know About Personal Data Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
- The categories of personal data we collected about you.
- The categories of sources from which the personal data is collected.
- Our business or commercial purpose for collecting or selling that personal data.
- The categories of third parties with whom we share that personal data.
- The specific pieces of personal data we collected about you.
- Right to Request Deletion. You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, and Deletion Rights), we will delete (and direct our service providers to delete) your personal data from our records. However, we may retain personal data that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us in order to perform certain actions permitted by applicable law, specifically such as detecting data security incidents or protecting against fraudulent or illegal activity. Therefore, we may retain your personal data despite such request.
- Exercising Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us by emailing support@riskified.com.
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including, at minimum, your name, address, and e-mail address) that allows us to reasonably verify that you are the person about whom we collected the personal data or an authorized representative.
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
In order to protect the security of your personal data, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed by a third-party service provide.
Any disclosures we provide may only cover the 12-month period preceding our receipt of your request. We are not obligated to provide the information set forth above under “Right to Know About Personal Data Collected, Disclosed or Sold” more than twice in a 12-month period.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Personal Data Sales Opt-Out. We do not “sell” information, as sales are defined under applicable laws.
- Non-Discrimination. We will not discriminate against you for exercising any of your legal rights.
INFORMATION SECURITY
We implement industry standard measures to reduce risks caused by the potential loss of information, unauthorized access, or use of information. However, no measure can provide absolute information security and we cannot provide protections beyond what is within our reasonable control.
DATA RETENTION
The personal data we collect is retained only for as long as necessary to provide the Services or any newly developed services under this Policy. We retain the personal data we receive from the Merchant for no more than 48 months, unless you request that we delete this information, or if it is required by us to establish, exercise, or defend against legal claims, or comply with legal obligations. When we dispense with data it is either deleted from our system or anonymize without further notice to you.
POLICY REGARDING CHILDREN
We do not knowingly collect personal data from children under the age of 13, and children under the age of 16 in the EU or California. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at support@riskified.com. If we become aware that a child under such ages has provided us with personal data, we will delete such information from our files unless we have appropriate consent, where applicable, or unless we are required to maintain it for law-enforcement or legal purposes
CHANGES TO THIS POLICY
If we materially change this Policy in a manner that adversely affects your rights, or the protections afforded to your personal data, such changes will only affect the personal data we collect after the Policy change, unless you agree to us treating the personal data previously collected in accordance with the new Policy.
CONTACT US
You may contact us with any questions or comments, at: support@riskified.com
Our postal address is: 30 Kalischer Street, Tel Aviv, Israel, postal code 6525724 or 220 Fifth Avenue, Floor 2, New York, NY 10001.
Effective date of the policy: September 2, 2021
Riskified respects the privacy of the users of our website at https://www.riskified.com (the “Site”) and is committed to protecting the information that is collected and/or is disclosed by the Site users (“users” or “you”). This Website Privacy Policy (“Policy”) explains the privacy practices of Riskified Ltd., on behalf of ourselves and for the benefit of our affiliates (“Riskified”, “we”, “our”, or “us”) for use of the Site.
INFORMATION WE COLLECT
During the past 12 months we have collected the categories of information listed below, and will continue to collect such information. This information is collected from you, directly, through your browsing session on the Site and through third parties and is used by us to improve our services and as otherwise described below.
Riskified collects information from our users at several different points on our Site. Personal data such as a user’s name, address, contact information, and other personally-identifiable information may be collected from you and stored in our databases when you register to the Site, request support, enter into a sales promotion, or otherwise interact with us (for example through the “contact us” option). If you do not provide us with the required information we may not be able to provide you with the information/services requested by you. Registered users may have a user name and password to access their information.
When you use the Site we may automatically collect personal data through cookies or other online technologies. This may include internet traffic data such as a user’s IP address, domain server, type of computer, type of web browser, your browsing session on the Site (e.g., the pages accessed and links clicked), the referral source and website navigation paths of your visit and your interactions on the Site. This information is helpful for us to operate our site, for marketing purposes or for improving a user’s experience on the Site.
We may also collect information about you from our business partners and other service providers, including personal data (e.g., contact information such as emails and general information associated with your IP or device), to help to operate our site, for marketing purposes or for improving your experience on the Site.
We may also collect statistical and other aggregated data related to your use of the Site or services thereon as well as information on Site usage patterns. This information is collected and used as non-individually identifiable information.
HOW WE USE INFORMATION AND WHO WE SHARE IT WITH
We use the information collected to analyze trends, administer the Site, improve our services, track users movements around the Site, and gather demographic information about our user base. We also use the collected information to respond to your requests and contact you. We compile and store the collected information to generate reports related to our users’ access to and use of our Site and services. We may use specific information collected to personalize and deliver content marketed directly to you and measure its effectiveness, subject to requirements of applicable law.
To the extent required under applicable data processing laws and regulations any personal data that we collect may be stored in our database and will be used in accordance with such applicable laws and regulations.
We do not share, distribute, sell, or rent any of your personal data with/to third parties, except to assist us with the above activities and in the following circumstances where we may use the information we collect:
- The information is required by law in order to prevent, investigate, or take action regarding illegal activities;
- In response to legal process, court orders, subpoenas;
- To establish or exercise our legal rights or defend against legal claims;
- For the purpose of providing and operating the Site we may share information with trusted third party partners for purpose of providing Site-related services to us. We will require that these third parties comply with this Privacy Policy or with privacy policies at least as protective as this Privacy Policy.
- We may also request your permission to use your information in other ways. Such use is subject to your consent.
- Any data processing performed by these third parties will, if and when required by law, be governed by a data processing agreement in the form required by law preserving your statutory data protection rights.
- In case of a business transfer. In the conduct of our business, we may go through a business transaction such as a sale, merger, reorganization or bankruptcy proceeding. Information collected from users of the Site, including personal data, could be transferred as part of such transaction. By submitting your personal data through the Site, you agree that your information may be transferred to third parties under such circumstances.
COOKIES
A cookie is a piece of data sent from a website while the user is browsing and stored on a user’s hard drive to contain information about the user. We use cookies to enhance the user experience, improve our service, including by means such as storing passwords or preference information. We may also use cookies to track and monitor usage of the Site for the purposes of marketing and operational improvements.
Riskified’s Site uses both ‘session’ and ‘persistent’ cookies. ‘Session cookies’ are created and stored temporarily while the user browses and are deleted from the device when the browser is closed. ‘Persistent cookies’ are saved on the user’s device for a fixed period and becomes active when they visit the Site.
Users located in the EU will receive a pop up notification informing them that cookies are operating on our Site. Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored.
INTEREST-BASED ADVERTISING
We may work with third parties who collect information on our Site and elsewhere through the use of cookies and similar methods in order to serve you with relevant advertisements on other services or to determine that you have seen our advertisements on other services and for other retargeting purposes. We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms automatically transmitted by web browsers for which we cannot evaluate your choice.
E-MAIL COMMUNICATIONS
You have the ability to opt out of receiving marketing communications from Riskified at any time. You can opt out by either changing your email preferences or using the link provided at the bottom of each email message. You may not opt out of administrative emails (for example, emails about your transactions or policy changes) while you are a registered user.
We do not send emails to anyone without permission and we do not sell or rent email addresses to any unauthorized third party. If you believe that you have received an unsolicited email from us, please contact us at support@riskified.com and we will investigate.
DATA RETENTION
We retain the personal data we receive through the Site for no more than 48 months, unless you request that we delete this information, or if it is required by us to establish, exercise, or defend against legal claims, or comply with legal obligations. When we dispense with data it is either deleted from our system or anonymized without further notice to you.
APPLICANTS DATA
We use information about job applicants (from the website or any other source) such as their contact details, name, professional experience and CV, and other information needed to consider their hiring (Applicants Data). Additionally, we use Applicants Data for statistical purposes to improve our recruitment processes. We may use data of applicants that have not been accepted for a specific position, for internal purpose or to inform them of future job opportunities that we believe may suit them. We care about your privacy and will not share your Applicants Data with anyone else for other purposes. Applicants Data will be retained for 48 months or a longer period as may be allowed for by law. For any request or question regarding your Applicants Data and privacy, please contact legal@riskified.com.
POLICY REGARDING CHILDREN
We do not knowingly collect personally identifiable information from children under the age of 13, or 16 in the EU. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at support@riskified.com. If we become aware that a child under such ages has provided us with personal data, we will delete such information from our files unless we have appropriate consent, where applicable, or unless we are required to maintain it for law-enforcement or legal purposes.
SECURITY
We follow generally accepted industry standards and best practices to protect the personal data submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, or other factors, the security of user information may be compromised at any time. No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of personal data and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
CHANGES AND CONSENT TO PRIVACY POLICY
By registering with Riskified or by using the Site without prior registration you agree to the terms of this Privacy Policy. We reserve the right to change the provisions of the Privacy Policy from time to time and you are therefore advised to check it regularly. Your continued use of the Site after any change to the policy constitutes your acceptance of this Privacy Policy.
LINKS
Our Site may have links to the sites of other companies. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.
LOCATION SPECIFIC INFORMATION
Residents of the European Union
If you are a resident of the European Economic Area, the UK or Switzerland, or any other territory with similar data protection laws, the following section is applicable to how we collect and manage your personal data.
As a data controller we rely on our legitimate interests to process your information, while at times we may rely on your consent, the need to comply with a legal obligation or perform a contract with you.
If the law grants you such rights, you may ask to access, correct, or delete your personal data that is stored in our systems. You may also ask for our confirmation as to whether or not we process your personal data. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any personal data that you contest the accuracy of, while we verify the status of that data. You may also be entitled to obtain personal data that you directly provided us and have the right to transmit it to another party. However, we will continue retaining, using and sharing certain information if it is associated with fraudulent activity or to comply with legal obligations.
If you wish to exercise any of these rights, contact us at: support@riskified.com. When handling these requests, we may ask for additional information to confirm your identity and your request.
Several of our service providers are companies operating in countries outside of your local territory or the European Economic Area, in legal environments that may not be adequate by EU data protection standards. You may opt out of having your personal data shared with those data sources, however, opting out may prevent you from using the Site. Irrespective of requests to opt out, if your personal data is associated with fraudulent activity we may continue to retain, use and share certain information, in order to prevent unlawful practices.
We may store and process information in the US, the EU, Israel, and in other countries. We may also process information using cloud services.
We frequently process information under arrangements aimed at providing an adequate level of data protection. This may include processing in countries that the EU has determined maintain adequate data protection, the use of model contract clauses, or other mechanisms. You may contact us as noted below to obtain a copy of the arrangements we use to transfer information outside of the European Economic Area, the UK, or Switzerland.
In certain cases the laws in some of these countries may provide a lesser degree of data protection than the laws of your own country. However, we will transfer your information to entities within other such countries for the purpose of processing as described in this Policy.
If you wish to exercise any of these rights, you can contact us at:
support@riskified.com, our Data Protection Officer at privacy@riskified.com, or our EU representative, Lionheart Squared (Europe) Ltd, at riskified@lionheartsquared.eu; 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84 Ireland. When handling these requests, we may ask for additional information to confirm your identity and your request. In addition, you may also have the right to submit a complaint with the relevant supervisory authority – you can find the relevant contact details here.
Residents of California
If you reside in California or other jurisdictions where such rights are provided by applicable law, you have specific rights regarding your personal data. This section describes the rights that you have and explains how to exercise those rights.
- Right to Know About Personal Data Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information to you. You have the right to request any or all of the following:
- The categories of or specific pieces of personal data we collected about you.
- The categories of sources from which the personal data is collected.
Our business or commercial purpose for collecting or selling that personal data. - The categories of third parties with whom we share that personal data.
- Right to Request Deletion. You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, and Deletion Rights), we will delete (and direct our service providers to delete) your personal data from our records. However, we may retain personal data that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us in order to perform certain actions permitted by applicable laws, specifically such as detecting data security incidents or protecting against fraudulent or illegal activity. Therefore, we may retain your personal data despite such request.
- Exercising Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us by emailing support@riskified.com
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child.
The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information (including, at minimum, your name, address, and e-mail address) that allows us to reasonably verify that you are the person about whom we collected the personal data or an authorized representative.
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing.
In order to protect the security of your personal data, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed by a third-party service provide.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We are not obligated to provide the information set forth above under “Right to Know About Personal Data Collected, Disclosed or Sold” more than twice in a 12-month period.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Data Sales Opt-Out. We do not “sell” information, as sales are defined under applicable laws.
Non-Discrimination. We will not discriminate against you for exercising any of your legal rights.
Last updated: September 2, 2021
Our Commitment to Security
We work day in and day out to ensure that Riskified isn’t just the best fraud management solution but also the safest solution. It is our commitment to you, your customers, our business partners, and everyone in between, that Riskified sets the gold standard for security in eCommerce fraud management. If you ever have any questions about Riskified’s security, please contact us at support@riskified.com, and we’ll route your inquiry to our security team.
Data and Information Security at Riskified
Business is built on a foundation of trust, and we take that very seriously – both the trust you place in us, and the trust your customers place in you. Thus, maintaining the privacy and security of your customers’ data is a top priority. In addition, we are thoughtful of the impact any downtime or interference might have on your customers’ experience.
Riskified’s data and information security strategies are designed to ensure your data and your customers’ personal information remain protected while avoiding availability issues and providing a high level of service at all times.
Riskified is committed to securing our customers data, and actively invests in creating a protected service that our customers can trust. We have taken a number of measures and have put in place mechanisms to prevent unauthorized access to the data:
- At Riskified, we do not store personally identifiable information (PII) data locally. All Riskified client data is stored on Amazon Web Services (AWS) using 256-bit Advanced Encryption Standard (AES-256).
- Riskified maintains ISO 27001:2013 Certification and uses it as the basis for our information security management system (ISMS). This ensures we have the proper processes and programs in place. As part of this certification, we conduct employee training, restrict access to certain data points, and separate duties between our operations and research teams.
- To ensure we maintain a constant high level of service, we have put in place business continuity plans, devised incident management procedures, and have implemented disaster recovery procedures. Riskified understands that it provides a mission-critical service to our customers. Our main API service is architected with multiple fallbacks both on the application layer and the physical infrastructure on which it relies. All of Riskified infrastructure (including our API) is hosted on Amazon Web Services (AWS) within multiple availability zones (AZ) and regions.
Additional Security Mechanisms
We’re constantly working on more ways to make Riskified the most-secure fraud-management solution. Some mechanisms are published here, and others we keep private. But rest assured, security is a primary focus for Riskified.