We, at Riskified Ltd. (“Riskified”, “we”, “our”, or “us”) provide online merchants (“Merchant”) a service that helps them prevent fraudulent online transactions (“Fraud Prevention”). Such Merchants may be very much the one you are now placing an order on.
Merchants integrate our Fraud Prevention on their eCommerce websites and mobile apps where consumers like you place orders (“eCommerce Platform”). This enables us to collect personal data from you.
Please note that this Policy does not cover the practices or policies of Merchants, the eCommerce Platforms, or other parties.
You are not obligated by law to provide us with your personal data, but the eCommerce Platform may require that you provide us your personal data in order for it to be able to consider or process the order you place.
- We collect various information regarding your transaction, device data, geolocation data, analytical data and cross-referenced data.
- Your information is processed pursuant to your consent or the legitimate interests of the Merchant.
- We use the information first and foremost to analyze whether the transaction is fraudulent.
- We share your information mainly to operate the Fraud Prevention. For that purpose, we may share elements of the personal data we collect with third parties and operators of online publicly available data sources for cross-referencing purposes.
- The Merchant may use Riskified’s fraud assessment to decide whether to accept or decline your order based solely on automated processing.
- You may request access to your personal information, or to have us update, correct or delete such information, if the law provides you those rights.
- We may store and process information outside the country where you are located.
- We retain the personal data we collect only for as long as needed in order to comply with our obligations under this Policy.
- Our data protection officer can be contacted at email@example.com. You can also contact us at firstname.lastname@example.org.
INFORMATION WE COLLECT
Transaction Data. When you place an order with the eCommerce Platform, we collect various data regarding your transaction such as your name, email, the items you purchased, price paid, shipping information and basic information from your account on the eCommerce Platform (if you are registered with an account there ). We also collect basic information about your payment and billing method, but we do not collect or keep your complete credit card number.
Device data. We collect information about the personal computer or mobile device youuse to access the eCommerce Platform, including its model, its operating system, unique device identifiers, browser type, mobile network information and the Internet Protocol (IP) address through which you accessed the eCommerce Platform.
Geo-location data . If you use the eCommerce Platform’s mobile app we collect your precise geo-location when you actively use the app. If you use the eCommerce Platform’s website we will collect your town-approximate geo-location.
Analytical data . We collect analytical data about your use of the eCommerce Platform. For example, we collect the frequency of your access tothe eCommerce Platform, the pages and items on the eCommerce Platform that you viewed or interacted with.
Cross-references.We also cross-reference, verify and enhance the accuracy of the data outlined above, using publicly available third party sources such as online search engines, online ‘white pages’ and online mapping services.
Inquiries. If you contact us for questions or complaints, we will collect the information related to your inquiry. This may include your name, email address, postal address, telephone number and other contact information, depending on the nature of your inquiry.
USE OF COLLECTED INFORMATION
We, as the data controller, process your personal data pursuant to your consent or the legitimate interests of the Merchant. You may withdraw consent at any time, without affecting the lawfulness of data processing we carried out based on your consent before such withdrawal.
We use the information we collect for the following purposes:
- When you place an order on an eCommerce Platform we crunch the aggregate data of your activities across the eCommerce Platforms of all Merchants we operate. We use this data to provide the eCommerce Platform a fraud analysis indicating whether or not the order is, in our assessment, a fraudulent online transaction. It is then up to the eCommerce Platform, not us, to determine in its own discretion, whether to accept and process your order, or decline it.
- Improving and enhancing Fraud Prevention and developing new services.
- Statistical analysis of consumers’ activities.
- Handling complaints.
- Enforcing this Policy and preventing misuse of the Fraud Prevention.
- Taking any action in any case of dispute involving you, with respect or in relation to Fraud Prevention.
- As otherwise may be mandated by law or to protect our legal rights and property and those of third parties.
SHARING INFORMATION COLLECTED
We may share the information outlined in this Policy with others, in the following instances:
- We may share information with our contractors and service providers, in order to help us to provide Fraud Prevention. For example, we process the data using cloud service providers.
- We may share limited elements of the personal data we collect with a number of third parties and operators of online publicly available data sources (such as online search engines, online ‘white pages’, online mapping services etc.). We do this in order to cross-reference, verify and enhance the accuracyofthe data we collect.
- Those data sources may use the data we share with them for their own purposes, in accordance with their own policies.
- Several of these data sources are companies operating in countries outside your local territory or the European Economic Area, in legal environments that may not be adequate by EU data protection standards. You may opt-outofhaving your personal data shared with those data sources. To exercise this right please contact email@example.com
- In seldom occasions, we may share limited elements of your personal data with the Merchant with whom the transaction was made, for review or audit purposes.
- Your personal data may be shared with competent authorities and with any third party, if we believe it is required or is deemed justified by law to protect property or legitimate legal rights.
- We may share information if the operation of the Fraud Prevention is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition).
- We may share personally identifiable information with our corporate group entities, but their use of such information must comply with the Policy.
AUTOMATED DECISION MAKING
The eCommerce Platform may, in its own discretion, use Riskified’s fraud score assessment to make a decision on whether to accept or decline your order, based solely on automated processing. Please direct inquiries concerning the decision about your order to the eCommerce Platform.
ACCESSING, UPDATING OR DELETING YOUR PERSONAL INFORMATION AND OBTAINING A COPY OF IT
If the law grants you such rights, you may ask to access the personal information about you that is stored in our systems. You may also ask for our confirmation as to whether or not we process personal data concerning you.
Subject to the limitations in law, you may request that we update, correct or delete inaccurate or outdated information, and have us suspend the use of personal data whose accuracy you contest while we verify the status of that data.
Subject to law, you may also be entitled to obtain from usthe personaldata you directly provided us (excluding data we obtained from other sources) in a structured, commonly used and machine-readable format, and may have the right to transmit those data to another party.
If you wish to exercise any of these rights, contact us at: firstname.lastname@example.org. When handling these requests, we may ask for additional information to confirm your identity and your request.
We may usethe information we collect, as outlined above, to compile anonymized or de-identified information. We may share such anonymized or de-identified information with any other third party, at our sole discretion. However, we will not knowingly or intentionally share information that can be reasonably used to reveal your identity unless otherwise provided in this Policy.
TRANSFER OF DATA OUTSIDE YOUR TERRITORY
We may store and process information in the US, the EU, Israel and in other countries. We may also process information using cloud services.
We frequently process the information under arrangements aimed at providing an adequate level of data protection, which include EU decisions recognizing the adequacy of those countries and model contract clauses.
However, in certain cases the laws in some of these countries may nevertheless provide a lesser degree of data protection than the laws of your own country. You agree to the transfer of your information to such other countries for the purpose of processing as described in this Policy, including through cloud services.
- We detailed which data points we collect to provide our Service, whether or not we share such data and with whom, what we use the data for, and how.
- We also provided you with a more detailed explanation as to your rights in connection with the data we collect, and how you can contact us to make any required correction, thereby allotting you greater control over your own personal information.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, no measure can provide absolute information security.
We retain the personal data we collect only for as long as needed in order to provide the Fraud Prevention or newly developed services under this Policy and compliance with applicable laws. We then either delete from our systems or anonymize it, without further notice to you.
If you withdraw your consent to us processing your data, we will erase your personal data from our systems (unless the data is required for Riskified to establish, exercise or defend against legal claims).
POLICY REGARDING CHILDREN
We do not knowingly collect personal data from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at email@example.com. If we become aware that a child under the age of 13 has provided us with personal data, we will delete such information from our files.
CHANGES TO THIS POLICY
If we materially change this Policy in an adversely restrictive manner to your personal data, we will affect such change only to personal data we collect after the Policy change, unless you agree we treat the personal data previously collected in accordance with the new Policy.
We do not respond to browsers’ “Do Not Track” requests.
You may have a right to submit a complaint to the relevant supervisory data protection authority, pursuant to the law.
You may contact us with any questions or comments, at: firstname.lastname@example.org
Our postal address is: 30 Kalischer Street, Tel Aviv, Israel, postal code 6525724.
Riskified Ltd. (“Riskified” “we”, “our” or “us”) respects the privacy of the users of its website at https://www.riskified.com (the “Site”) and is committed to protect the information it collects and/or is disclosed to it by the users of this Site (“users” or “you”).
Information we collect
Riskified collects information from our users at several different points on our Site. This may include traffic data including a user’s IP address, domain server, type of computer, and type of web browser. This is anonymous information that does not personally identify a user but is helpful for marketing purposes or for improving a user’s experience on the Site.
In general, when you visit our Site you remain anonymous. Some areas of our Site may however require registration. Personal information, such as a user’s name, address, contact information and other personally-identifiable information (“Personal Information”) may be collected from you and stored in our databases, typically when you register to the Site, request support enter into a sales promotion or otherwise interact with us (for example through the “contact us” option). It should be made clear that you have no legal obligation to provide us with any Personal Information and the submission of such information is entirely subject to your sole discretion and consent. However if you will not provide us with the required information we may not be able to provide you with the information/services requested by you. Registered users may have a user name and password to access their information.
We may also collect statistical and other data related to your use of the Site or services thereon as well as information on Site usage patterns. This information is collected and used as non-individually identifiable information.
How we use information
We use information which does not identify individual users, to analyze trends, to administer the Site and improve our services, to track users movements around the Site and to gather demographic information about our user base as a whole. We may use the information collected to market directly to that person subject to requirements of applicable law. This non personal information may be shared with third parties.
We compile and store data and information and generate reports related to our users’ access to and use of our Site and services.
To the extent required under applicable data processing laws and regulations, any personal information that we collect will be stored in our database and will be used in accordance with such applicable laws and regulations.
We do not share, distribute, sell or rent any of your Personal Information with/to third parties, except in the following circumstances:
If the information is required by law in order to prevent, investigate, or take action regarding illegal activities. In addition, we will share information in response to legal process, court orders, subpoenas, or to establish or exercise our legal rights or defend against legal claims;
If we have your permission to do so.
Any data processing performed by these third parties will, if and when required by law, be governed by a data processing agreement in the form required by law, preserving your statutory data protection rights.
In the conduct of our business, we may sell certain of our assets. Information collected from users of the Site, including personal information, could be transferred as part of such transaction. By submitting your Personal Information through the Site, you agree that your information may be transferred to third parties under such or similar circumstances.
At any time, you have the ability to opt out of receiving marketing communications from Riskified, but you may not opt out of administrative emails (for example, emails about your transactions or policy changes) while you are a registered user. You can opt out by either changing your e-mail preferences or using the link provided at the bottom of each email message.
We do not send emails to anyone without permission, and we do not sell or rent email addresses to any unauthorized third party. This does not mean that we can prevent spam from happening on the Internet. If you believe that you have received an unsolicited email from us, please contact us at the e-mail below and we will investigate.
Policy towards children
We do not knowingly collect personally identifiable information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at email@example.com. If we become aware that a child under the age of 13 has provided us with Personal Information, we will delete such information from our files.
We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, and other factors, the security of user information may be compromised at any time. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
Therefore, we cannot guarantee the absolute security of Personal Information and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
Our Site may have links to the sites of other companies. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.
Update/delete user information
You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected or if you no longer desire our service (in which case we will endeavour to remove your personal data provided to us). Where appropriate, you may have your Personal Information erased, rectified, amended or completed. In order to contact us regarding your information please e-mail firstname.lastname@example.org.
To protect your privacy and security, we may take reasonable steps to verify your identity before granting access or making corrections, however, you should protect your password from disclosure because anyone who gains access to your password may have access to, and may edit, your profile.