Effective Date: April 1st, 2026.
1.1 This privacy notice (“Privacy Notice”) describes how we process the personal data of the users of our services, the visitors of our website www.riskseal.io (“Website”), our social media sites, webinar participants, and any other persons that interact with us directly (“you”).
1.2 If you are a user of an online service provider that uses RiskSeal as a data service provider (“End-user”), please refer to Annex I to this Privacy Notice that specifies the information that applies to you.
1.3 At RiskSeal we are committed to protecting your data and respecting your right to privacy.
1.4 When we process your data on the basis of our legitimate interest (see below under Section 5), you have the right to object to that processing (for further explanation, see Section 8). If you wish to exercise this right, please get in touch with us or our Data Protection Officer using the email contact details specified below.
2.1 RiskSeal is a data processor for the processing of non-direct "End-user personal data".
2.2 The data controller of your personal data (“End-user personal data”) is the customer on whose behalf you use our services. Please see ANNEX I – RiskSeal information notice to END-USERS for more detailed information.
2.3 If you are a user of our services who subscribes directly to the Website and is not using our services on behalf of a RiskSeal customer, the data controller of your personal data (“Direct user personal data”) is RiskSeal.
2.4 If you use our services on behalf of a RiskSeal customer, the data processor of your personal data is RiskSeal.
2.5 RiskSeal (hereinafter referred to as “RiskSeal”, “we”, “us” or “our” in this Privacy Notice) means RiskSeal, Inc., registered seat: 2810-4447 North Church Street, Wilmington, DE 19802, USA, company authentication number 204199277.
2.6 For any inquiries about this Privacy Notice, please get in touch with any RiskSeal entity at the following email address: legal@riskseal.io.
2.7 RiskSeal appointed a DPO. For any inquiries about this Privacy Notice, you may contact our DPO at dpo@riskseal.io.
3.1. RiskSeal complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RiskSeal has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RiskSeal has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. RiskSeal is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) with respect to its compliance with the Data Privacy Framework. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
3.2. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RiskSeal commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
4.1 We process your personal data for the following purposes:
– providing the services, including website registration, demos, establishing contractual relationships, and concluding contracts;
– processing payments from our customers;
– enhancing our services;
– ensuring the security of the services and preventing fraud;
– lead generation, sending newsletters, and other direct marketing communications;
– providing customer support and service updates;
– organizing webinars and events;
– business performance analysis and managerial decision-making.
4.2. We do not carry out automated decision-making or profiling based solely on automated processing of your data as described by Article 22 GDPR.
5.1 Providing services, including website registration, demos, establishing contractual relationships, and concluding contracts.
– Legal basis: our legitimate interest in managing user accounts and providing the requested services.
– Categories of personal data: contact details, account creation data, service usage information, and related communications.
– Retention period: 5 years based on the applicable limitation period for legal claims.
5.2 Processing payments from customers.
– Legal basis: our legitimate interest in collecting service fees.
– Categories of personal data: contact details, billing information, service usage data.
– Retention period: 5 years based on statutory retention periods in case of accounting documents.
6.1 RiskSeal safeguards personal data received in the United States from the United Kingdom, the European Union, the European Economic Area, or Switzerland in compliance with GDPR Articles 45 to 50.
6.2 RiskSeal has implemented appropriate cross-border transfer mechanisms in accordance with applicable data protection laws, including the GDPR, the UK data protection laws, and the Swiss Federal Act on Data Protection (FADP), such as the European Commission’s Standard Contractual Clauses (including, where applicable, adaptations for Switzerland) and the UK International Data Transfer Addendum.
6.3 In all cases where RiskSeal transfers personal data to a third party acting as a controller, RiskSeal ensures data protection through contractual agreements.
6.4 RiskSeal remains liable for processing your personal information by third-party recipients unless it proves it is not responsible for the event giving rise to the damage.
7.1 Your personal data will be processed by RiskSeal employees for the purposes outlined in this Privacy Notice.
7.2 We may share your data with business partners such as cloud providers, CRM providers, e-signature providers, payment processors, marketing partners, and legal consultants.
7.3 RiskSeal ensures that all data transfers comply with applicable legal frameworks, including the GDPR, the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
8.1 You have the following rights regarding your data:
– right to access: obtain information on the data we process about you;
– right to rectification: correct inaccurate or incomplete personal data;
– right to erasure: request deletion of your data where applicable;
– right to restriction of processing: request limited processing under certain conditions;
– right to object: object to processing based on legitimate interest;
– right to data portability: Request transfer of your data to another service provider.
8.2. You can exercise your rights by contacting our DPO at dpo@riskseal.io.
9.1 Complaints and Dispute Resolution. In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), RiskSeal commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. If you are dissatisfied with our handling of your personal data, you may contact us directly to seek resolution. You may also file a complaint free of charge with your local data protection authority, including the relevant EU DPAs, the UK ICO, or the Swiss FDPIC, as applicable.
9.2 RiskSeal is committed to resolving disputes in accordance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF, and applicable legal frameworks.
9.3 Disclosure to Public Authorities. RiskSeal may be required to disclose your personal data in response to lawful requests by public authorities, including requests made for national security or law enforcement purposes, in accordance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF, and applicable laws and regulations.?
9.4 Binding Arbitration. Subject to the conditions set forth in Annex I of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles and, as applicable, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, individuals in the European Union, the United Kingdom, and Switzerland, as applicable, may invoke binding arbitration as a means to resolve complaints concerning RiskSeal’s handling of personal data that have not been resolved by other redress mechanisms. RiskSeal is obligated to arbitrate such claims in accordance with the DPF Principles.
10.1 We may amend this Privacy Notice as necessary to comply with legal, regulatory, or operational changes.
10.2. Updates will be communicated via our Website or other official channels.
WHY DID YOU RECEIVE THIS INFORMATION NOTICE?
You received this information notice because an online service provider (where you registered an account or with whom you interacted, such as a financial institution) uses certain functionalities of RiskSeal’s services, and, as a result, RiskSeal became the processor of your data.
WHO IS RISKSEAL? RiskSeal provides data services to online service providers.
WHICH RISK SEALS FUNCTIONALITIES CONCERN YOUR DATA? We would like to inform you about two functionalities in this notice. We provide your online service provider with information (i) on how many times your email address, IP address or phone number was checked in our system, and when it was checked last time, etc. (history data); and (ii) on whether your email address, phone number or IP address has been flagged as fraudulent in our system, etc. (flag data). We collect this personal data from other online service providers that use these functionalities. We may maintain a database of this data. We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 of GDPR when providing these functionalities.
HOW DO WE USE YOUR PERSONAL DATA? We use your personal data on behalf of online service providers (where you registered an account or with whom you interacted, such as a financial institution) according to and strictly in the scope of their instructions. The online service provider (data controller) determines the purposes and means of processing your personal data. In other words, the data controller decides the how and why of RiskSeal’s data processing operation. The most typical usage of your personal data by a service provider is conducting a fraud check, but sometimes, it may also include data analysis for various kinds of lawful purposes. Purposes and means of processing are always determined by the controllers (service providers) and not by RiskSeal.
HOW DO WE SHARE YOUR PERSONAL DATA? We share your personal data with our cloud provider and other online service providers that use these functionalities. We transfer your personal data to the US and various third countries. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data. You can request a copy of the safeguards for international data transfers by contacting us.
FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA? RiskSeal will continue to process your data related to any queries for a period of one (1) year from the completion of the relevant query, unless the data controller (customer) instructs RiskSeal otherwise.
WHAT ARE YOUR RIGHTS? Please note that RiskSeal acts only as a “Data Processor” of any of your personal information that may have been collected by RiskSeal in our role as a provider of fraud detection services for our customers. Our customer(s) are considered the “Data Controller” of your personal information under the GDPR, and they are the only ones that can respond to your request. In such cases, we notify our customer(s) of your request without undue delay. Our customer(s) (your Data Controller) must respond to your request. Again, we notify them on your behalf, and they should execute your request; however, for further information about your request, you may want to contact them directly. Among other data protection rights, you have the right to object that we include your personal data in these functionalities. You can exercise your rights by contacting our customer(s) (the Data Controller) or us. For further information on your rights, remedies, and updates to this document, please refer to the corresponding sections of our Privacy Notice.
WHO CAN YOU CONTACT? With regards to other RiskSeal functionalities not detailed above, the online service providers who you interact with will qualify as the controller of your data. These online service providers will provide you further information in their own privacy notices on how their fraud prevention practices affect your personal data..
WHERE CAN YOU FIND INFORMATION ON OTHER RISKSEAL FUNCTIONALITIES? With regards to other RiskSeal functionalities not detailed above, the online service providers who you interact with will qualify as the controller of your data. These online service providers will provide you further information in their own privacy notices on how their fraud prevention practices affect your personal data.