Effective Date: February 1st, 2024.
1.1 This privacy notice (“Privacy Notice”) describes how we process the personaldata of the users of our services, the visitors of our website www.riskseal.io(“Website”), our social media sites, webinar participants and any other personsthat interact with us directly (“you”).
1.2 In case you are a user of an online service provider that uses RiskSeal as adata service provider (“End-user”), please refer to Annex I to this PrivacyNotice that specifies the information that applies to you.
1.3 At RiskSeal we are committed to protecting your personal data and respectingyour right to privacy.
1.4 When we process your personal data on the basis of our legitimate interest (seebelow under Section 5), you have the right to object to that processing (forfurther explanation, see Section 8.5). If you wish to exercise this right,please contact us or our Data Protection Officer at the email contact detailsspecified below.
2.1 RiskSeal is a data processor, with regard to the processing of non-direct“End-user personal data”.
2.2 The data controller of your personal data (“End-user personal data”) is the customer on whose behalf you use our services. For more detailed information, please see ANNEX I – RiskSeal information notice to END-USERS.
2.3 If you are a user of our services, who subscribed directly to the Website, and not using our services on behalf of a RiskSeal customer, the data controller ofyour personal data (“Direct user personal data”) is RiskSeal.
2.4 If you use our services on behalf of a RiskSeal customer, the data processor of your personal data is RiskSeal.
2.5 RiskSeal (hereinafter referred to as “RiskSeal”, “we”, “us” or “our” in thisPrivacy Notice) means RiskSeal, Inc. Registered seat: 2810-4447North Church Street,
Wilmington, DE 19802, USA,Company authentication number: 204199277
2.6 For any inquiries about this Privacy Notice, please contact any RiskSeal entityat the following email address: legal@riskseal.io
2.7 RiskSeal appointed a DPO. For any inquiries about this Privacy Notice, you maycontact our DPO at dpo@riskseal.io
3.1 RiskSeal comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and UK Extension set forth by the U.S. Department of Commerce. RiskSeal has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles concerning the processing of personal data received from theEuropean Union in reliance on the EU-U.S. DPF and the UK Extension to theEU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
3.2 RiskSeal is responsible for processing personal data it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. RiskSeal complies with the EU-U.S. DPF Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. The Federal TradeCommission has jurisdiction over RiskSeal compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
4.1.We process your personal data for the following purposes:
- Providing the services, including registration on the Website, providing demos, establishing contractual relationships, and concluding contracts.
- Processing payments from our customers.
- Enhancing our services.
- Ensuring information security of the services and preventing fraud.
- Lead generation, sending newsletters, and other direct marketing communications.
- Providing customer support and service updates.
- Organizing webinars and events.
- Business performance analysis and managerial decision-making.
4.2.We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 GDPR.
5.1 Providing the services, including registration on the Website, providing demos, establishing contractual relationships, concluding contracts.
-Legal basis: Our legitimate interest in managing user accounts and providing the requested services.
-Categories of personal data: Contact details, account creation data, service usage information, and related communications.
-Retention period: 5 years based on the applicable limitation period for legal claims.
5.2 Processing payments from customers.
-Legal basis: Our legitimate interest in collecting service fees.
-Categories of personal data: Contact details, billing information, service usage data.
-Retention period: 5 years based on statutory retention periods in case of accounting documents.
6.1 RiskSeal safeguards personal data received in the United States from the UnitedKingdom, European Union, or European Economic Area in compliance with GDPRArticles 45 to 50.
6.2 RiskSeal has implemented appropriate cross-border transfer solutions in accordance with the GDPR, such as European Commission Standard ContractualClauses and the UK’s International Data Transfer Addendum.
6.3 In all cases where RiskSeal transfers personal data to a third party acting asa controller, RiskSeal ensures data protection through contractual agreements.
6.4 RiskSeal remains liable for the processing of your personal information by third-party recipients unless it proves it is not responsible for the event giving rise to the damage.
7.1 Your personal data will be processed by RiskSeal employees for the purposes outlined in this PrivacyNotice.
7.2 We may share your personal data with business partners such as cloud providers, CRM providers, e-signature providers, payment processors, marketing partners, and legal consultants.
7.3 RiskSeal ensures that all data transfers comply with applicable legal frameworks, including GDPR and the EU-U.S. Data Privacy Framework.
8.1 You have the following rights regarding your personal data:
* Right to access: Obtain information on the data we process about you.
* Right to rectification: Correct inaccurate or incomplete personal data.
* Right to erasure: Request deletion of your data where applicable.
* Right to restriction of processing: Request limited processing under certain conditions.
* Right to object: Object to processing based on legitimate interest.
* Right to data portability: Request transfer of your data to another service provider.
8.2. You can exercise your rights by contacting our DPO at dpo@riskseal.io.
9.1 Complaints and Dispute Resolution. In compliance with the EU‑U.S. DPF and the UK Extension to the EU‑U.S. DPF,RiskSeal, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UKInformation Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU‑U.S.DPF and the UK Extension. If you are dissatisfied with our handling of your data, you may file a complaint with your local data protection authority free of charge.
9.2 RiskSeal is committed to resolving disputes in accordance with applicable legal frameworks
9.3 Disclosure to Public Authorities. RiskSeal may be required to disclose your personal data in response to lawful requests by public authorities, including requests made for national security or law enforcement purposes, as mandated by applicable laws and regulations.Any such disclosure will be carried out in accordance with the relevant legal procedures and safeguards.
9.4 Binding Arbitration. Subject to the conditions set forth in Annex I of the DPF Principles, you may invoke binding arbitration as a means to resolve disputes with RiskSeal. To do so, you must deliver notice to RiskSeal in accordance with the procedures specified in Annex I. Upon proper invocation, RiskSeal is obligated to arbitrate claims in accordance with the terms of the EU‑U.S. DPF and the UKExtension.These changes ensure that thePrivacy Policy now informs individuals about the designated European data protection authorities, the requirement to disclose information upon lawful requests, and the option to invoke binding arbitration.
10.1 We may amend this Privacy Notice as necessary to comply with legal, regulatory, or operational changes.
10.2. Updates will be communicated via our Website or other official channels.
WHY DID YOU RECEIVE THIS INFORMATION NOTICE? You received this information notice because an online service provider (where you registered an account or with whom you interacted, such as a financial institution) uses certain functionalities of RiskSeal’s services, and, as a result, RiskSeal became the processor of your personal data.
WHO IS RISKSEAL? RiskSeal provides data services to online service providers.
WHICH RISKSEAL FUNCTIONALITIES CONCERN YOUR PERSONAL DATA? There are two functionalities we would like to inform you about in this notice. We provide your online service provider with information (i) on how many times your email address, IP addressor phone number was checked in our system, and when it was checked last time, etc. (history data); and (ii) on whether your email address, phone number or IP address has been flagged as fraudulent in our system, etc. (flag data). We collect these personal data from other online service providers that use these functionalities. We may maintain a database of this data. We do not carry out automated decision-making or profiling based solely on automated processing ofyour personal data as described by Article 22 of GDPR when providing these functionalities.
HOW DO WE USE YOUR PERSONAL DATA? We use your personal data on behalf of online service providers (where you registered an account or with whom you interacted, such asa financial institution) according to and strictly in the scope of their instructions. The online service provider (data controller) determines thepurposes and means of processing your personal data. In other words, the data controller decides the how and why of RiskSeal’s data processing operation. Themost typical usage of your personal data by a service provider is conducting a fraud check, but sometimes, it may also include data analysis for various kinds oflawful purposes. Purposes and means of processing are always determined by the controllers (service providers) and not by RiskSeal.
HOW DO WE SHARE YOUR PERSONAL DATA? We share your personal data with our cloud provider and other online service providers that use these functionalities. We transfer your personal data to the US and various third countries. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data. You can request a copy of the safeguards for international data transfers can by contacting us.
FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA? RiskSeal will continue to process your data related to any queries for a period of one (1) year from the completion of the relevant query, unless the data controller (customer) instructs RiskSeal otherwise.
WHAT ARE YOUR RIGHTS? Please note that RiskSeal acts only as a “Data Processor” of any of your personal information that may have been collected by RiskSeal in our role as a provider of fraud detections ervices for our customers. Our customer(s) are considered the “DataController” of your personal information under the GDPR and they are the only one(s) that can respond to your request. In such cases, we notify our customer(s) of your request without undue delay. Our customer(s) (your DataController) must respond to your request. Again, we notify them on your behalf, and they should execute your request, however for further information about your request, you may want to contact them directly.Among other data protection rights, you have the right to object that we include your personal data in these functionalities. You can exercise your rights by contacting our customer(s) (the Data Controller) or us. For further information on yourr ights, remedies and updates to this document please refer to the corresponding sections of our Privacy Notice.
WHO CAN YOU CONTACT? With regards to other RiskSeal functionalities not detailed above, the online service providers who you interact with will qualify as the controller of your data. These online service providers will provide you further information in their own privacy notices on how their fraud prevention practices affect your personal data..
WHERE CAN YOU FIND INFORMATION ON OTHER RISKSEAL FUNCTIONALITIES? With regards to other RiskSealfunctionalities not detailed above, the online service providers who youinteract with will qualify as the controller of your data. These online serviceproviders will provide you further information in their own privacy notices onhow their fraud prevention practices affect your personal data.