Last updated: March 1st, 2018
We, at Riskified Ltd. (“Riskified”, “we”, “our”, or “us”) provide online merchants (“Merchant”) a service that helps them prevent fraudulent online transactions (“Fraud Prevention”). Such Merchants may be very much the one you are now placing an order on.
Merchants integrate our Fraud Prevention on their eCommerce websites and mobile apps where consumers like you place orders (“eCommerce Platform”). This enables us to collect personal data from you.
Please note that this Policy does not cover the practices or policies of Merchants, the eCommerce Platform, or other parties.
You are not obligated by law to provide us with your personal data, but the eCommerce Platform may require that you provide us your personal data in order for it to be able to consider or process the order you place.
- Your information is processed pursuant to your consent or the legitimate interests of the Merchant and of Riskified.
- We use the information first and foremost to analyze whether the transaction is fraudulent.
- We share your information mainly to operate the Fraud Prevention service. For that purpose, we may combine it with information from publicly available data sources or contract with third-parties for cross-referencing.
- The Merchant may use Riskified’s fraud assessment to decide whether to accept or decline your order based solely on automated processing.
- You may request access to your personal information or to have us update, correct, or delete such information, if the law provides you those rights.
- We may store and process information outside the country where you are located.
- We retain the personal data we collect only for as long as needed in order to comply with our obligations under this Policy.
INFORMATION WE COLLECT
Transaction Data. When you place an order with an eCommerce Platform we collect various data regarding your transaction such as your name, email, the items you purchased, price paid, shipping information, and (if you have one) basic information from your account on the eCommerce Platform. We also collect basic information about your payment and billing method, but do not collect or keep your complete credit card number.
Device data. We collect information about the personal computer or mobile device you use to access the eCommerce Platform including its model, its operating system, unique device identifiers, browser type, mobile network information, and the Internet Protocol (IP) address through which you accessed the eCommerce Platform.
Geo-location data. If you use the eCommerce Platform’s mobile app we collect your precise geo-location when you actively use the app. If you use the eCommerce Platform’s website we will collect your town-approximate geo-location.
Analytical data. We collect analytical data about your use of the eCommerce Platform. For example, we collect the frequency of your access to the eCommerce Platform as well as the pages and items on the eCommerce Platform that you viewed or interacted with.
Cross-references. We also cross-reference, verify, and enhance the accuracy of the data outlined above using publicly available third-party sources such as online search engines, online ‘white pages’, and online mapping services.
Inquiries. If you contact us for questions or complaints, we will collect the information related to your inquiry and to verify your identity. This may include your name, email address, postal address, telephone number and other contact information, depending on the nature of your inquiry.
USE OF COLLECTED INFORMATION
We, as the data controller, process your personal data pursuant to your consent or the legitimate interests of the Merchant. You may withdraw consent at any time, without affecting the lawfulness of data processing we carried out based on your consent before such withdrawal.
When you place an order on an eCommerce Platform we review the aggregate data of your activities across all the eCommerce Platforms of our Merchants as well as any other data collected. We use this data to provide the eCommerce Platform a fraud analysis indicating whether or not the order is, in our assessment, a fraudulent online transaction. It is then up to the eCommerce Platform at its own discretion, not us, , to accept and process your order or to decline it.
We also use the information we collect for the following purposes:
- Improving and enhancing Fraud Prevention and developing new services;
- Statistical analysis of consumers’ activities;
- Handling complaints;
- Enforcing this Policy and preventing misuse of the Fraud Prevention;
- Taking any action in any case of dispute involving you, with respect or in relation to Fraud Prevention; and
- Any other action that may be mandated by law or undertaken to protect our legal rights and property and those of third parties.
SHARING INFORMATION COLLECTED
We may share the information outlined in this Policy with others, in the following instances:
- In order to help us provide Fraud Prevention services, we may share information with our contractors and service providers
- We may share limited elements of the personal data we collect with a number of third parties and operators of online publicly available data sources (such as online search engines, online ‘white pages’, online mapping services etc.). We do this in order to cross-reference, verify, and enhance the accuracy of the data we collect.
- Those data sources may use the data we share with them for their own purposes, in accordance with their own policies.
- On rare occasions, we may share limited elements of your personal data with the Merchant with whom the transaction was made for review or audit purposes.
- Your personal data may be shared with third parties if we believe it is required by law or legitimate legal rights.
- We may share information if the operation of the Fraud Prevention service is organized within a different framework or through another legal structure or entity (i.e. due to a merger or acquisition).
- We may share personally identifiable information with our corporate group entities but their use of such information must comply with the Policy.
Several of these data sources are companies operating in countries outside your local territory or the European Economic Area, in legal environments that may not be adequate by EU data protection standards. You may opt-out of having your personal data shared with those data sources. However, opting out may prevent us from providing Fraud Prevention services and, as a result, use of the eCommerce Platform. To exercise this right please contact email@example.com.
AUTOMATED DECISION MAKING
The eCommerce Platform may, in its own discretion, use Riskified’s fraud assessment to make a decision on whether to accept or decline your order based solely on automated processing. Please direct inquiries concerning the decision about your order to the eCommerce Platform.
UPDATING, OBTAINING A COPY, OR DELETING YOUR PERSONAL INFORMATION
If the law grants you such rights, you may ask to access, correct, or delete your personal information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your personal data.
Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any personal data whose accuracy you contest while we verify the status of that data.
Subject to law, you may also be entitled to obtain the personal data you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit the data to another party.
If you wish to exercise any of these rights, contact us at: firstname.lastname@example.org. When handling these requests we may ask for additional information to confirm your identity and your request.
We may use the information we collect to compile aggregated, anonymized, or de-identified information. We may share such anonymized or de-identified information with any other third party, at our sole discretion.
TRANSFER OF DATA OUTSIDE YOUR TERRITORY
We may store and process information in the US, the EU, Israel, and in other countries. We may also process information using cloud services.
We frequently process information under arrangements aimed at providing an adequate level of data protection. This may include processing in countries that the EU has determined maintain adequate data protection, the use of model contract clauses, or other mechanisms.
However, in certain cases the laws in some of these countries may nevertheless provide a lesser degree of data protection than the laws of your own country. We may transfer your information to entities within other such countries for the purpose of processing as described in this policy
- We detailed which data points we collect to provide our Service, whether or not we share such data and with whom, what we use the data for, and how we use the data.
- We also provided you with a more detailed explanation as to your rights in connection with the data we collect and how you can contact us to make any required correction thereby allotting you greater control over your own personal information.
We implement measures to reduce risks stemming from loss of information, unauthorized access, or use of information. However, no measure can provide absolute information security.
We retain the personal data we collect only for as long as needed in order to provide the Fraud Prevention service or newly developed services under this Policy and comply with applicable laws and regulations. We then either delete from our systems or anonymize it without further notice to you.
If you withdraw your consent to us processing your data, we will erase your personal data from our systems (unless the data is required by Riskified to establish, exercise, or defend against legal claims).
POLICY REGARDING CHILDREN
We do not knowingly collect personal data from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at email@example.com. If we become aware that a child under the age of 13 has provided us with personal data, we will delete such information from our files unless required to maintain it for law-enforcement or legal purposes.
CHANGES TO THIS POLICY
If we materially change this Policy in a manner that adversely affects your rights or the protections afforded your personal data, we will affect such change only to personal data we collect after the Policy change unless you agree we treat the personal data previously collected in accordance with the new Policy.
We do not respond to browsers’ “Do Not Track” requests.
You may contact us with any questions or comments, at: firstname.lastname@example.org
Our postal address is: 30 Kalischer Street, Tel Aviv, Israel, postal code 6525724.
Effective date of the policy: June, 2017
Riskified Ltd. (“Riskified” “we”, “our” or “us”) respects the privacy of the users of its website at https://www.riskified.com (the “Site”) and is committed to protect the information it collects and/or is disclosed to it by the users of this Site (“users” or “you”).
Information we collect
Riskified collects information from our users at several different points on our Site. This may include internet traffic data such as a user’s IP address, domain server, type of computer, and type of web browser. This is anonymous information that does not personally identify a user but is helpful for marketing purposes or for improving a user’s experience on the Site.
In general, when you visit our Site you remain anonymous. However, some areas of our Site may require registration. Personal information such as a user’s name, address, contact information, and other personally-identifiable information (“Personal Information”) may be collected from you and stored in our databases when you register to the Site, request support, enter into a sales promotion, or otherwise interact with us (for example through the “contact us” option). It should be made clear that you have no legal obligation to provide us with any Personal Information and the submission of such information is entirely subject to your sole discretion and consent. However, if you do not provide us with the required information we may not be able to provide you with the information/services requested by you. Registered users may have a user name and password to access their information.
We may also collect statistical and other aggregated data related to your use of the Site or services thereon as well as information on Site usage patterns. This information is collected and used as non-individually identifiable information.
How we use information
We use information which does not identify individual users to analyze trends, administer the Site, improve our services, track users movements around the Site, and gather demographic information about our user base. We may use specific information collected to market directly to that person subject to requirements of applicable law. This non-personal information may be shared with third parties.
We compile and store data and information and generate reports related to our users’ access to and use of our Site and services.
To the extent required under applicable data processing laws and regulations any personal information that we collect may be stored in our database and will be used in accordance with such applicable laws and regulations.
We do not share, distribute, sell, or rent any of your Personal Information with/to third parties, except in the following circumstances:
- The information is required by law in order to prevent, investigate, or take action regarding illegal activities;
- In response to legal process, court orders, subpoenas;
- Orto establish or exercise our legal rights or defend against legal claims;
We may also request your permission to use your information in other ways. Such use is subject to your consent.
Any data processing performed by these third parties will, if and when required by law, be governed by a data processing agreement in the form required by law preserving your statutory data protection rights.
In the conduct of our business, we may sell certain of our assets. Information collected from users of the Site, including personal information, could be transferred as part of such transaction. By submitting your Personal Information through the Site, you agree that your information may be transferred to third parties under such circumstances.
You have the ability to opt out of receiving marketing communications from Riskified at any time. You can opt out by either changing your e-mail preferences or using the link provided at the bottom of each email message. You may not opt out of administrative emails (for example, emails about your transactions or policy changes) while you are a registered user.
We do not send emails to anyone without permission and we do not sell or rent email addresses to any unauthorized third party. If you believe that you have received an unsolicited email from us, please contact us at email@example.com and we will investigate.
Policy towards children
We do not knowingly collect personally identifiable information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under the age of 13 has provided us with Personal Information, we will delete such information from our files.
We follow generally accepted industry standards and best practices to protect the Personal Information submitted to us, both during transmission and once we receive it. However, due to the nature of Internet communications and evolving technologies, unauthorized entry or use, hardware or software failure, or other factors the security of user information may be compromised at any time. No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of Personal Information and disclaim any assurance that such information will remain free from loss, misuse, or alteration by third parties who, despite our efforts, obtain unauthorized access.
Our Site may have links to the sites of other companies. We are not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.
Update/delete user information
You can write to us at any time to obtain a copy of your information, have any inaccuracies corrected, or if you no longer desire our service (in which case we will endeavor to remove your personal data fron our systems). Where appropriate and required by law, you may have your Personal Information erased, rectified, amended, or completed. In order to contact us regarding your information please e-mail email@example.com.
To protect your privacy and security, we may take reasonable steps to verify your identity before granting access or making corrections.