GDPR Privacy Notice
Table of Contents
- GDPR PRIVACY NOTICE
- Privacy Notice for California Residents
- Retention Information
Pindrop Security, Inc. and its affiliates (“Pindrop,” “We,” “Us”) believes it is important that you understand how Pindrop collects, stores, shares, and uses information from and about our website visitors, customers, job applicants, vendors, and in limited cases described here information about persons interacting with our customers (referred to as ‘customer users’ in this notice). This GDPR Privacy Notice (“notice”) provides information about our collection, use, and disclosure of personal data collected through the Site or in the course of our business activities conducted in the European Economic Area and the United Kingdom when our processing is governed by the General Data Protection Regulation (“GDPR”). For the purposes of this notice, “personal data” will have the same meaning as adopted by the GDPR, defined as any information relating to an identified or identifiable natural person. This notice does not apply to the information collected, stored, shared, or distributed by third-party sites. This notice may be updated from time to time.
INFORMATION WE COLLECT AUTOMATICALLY
When you visit our Site, our server automatically collects certain browser or device-generated information which may, in some cases, constitute personal data, including but not limited to, the following:
- your domain;
- your IP address;
- the date, time, and duration of your visit;
- your browser type;
- your operating system;
- your page visits;
- information from third parties;
- other information about your computer or device; and
- Internet traffic.
We do not use this automatically collected information to try to identify you by name, and we do not associate it with the information you provide voluntarily, as detailed below.
INFORMATION YOU PROVIDE
In order to access or use certain portions of the Site or enjoy the full functionality of the Site, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us in the following ways:
- by filling in forms (e.g., a ‘Contact Us’ form) on our Site, at a trade show, or anywhere else we conduct business;
- by downloading documentation from our Site;
- by subscribing to newsletters or other communications;
- by corresponding with us by phone or e-mail or by otherwise using our contact details; or
- by applying for a job, work placement, or internship over our recruitment platform, in relation to which you should also refer to the specific privacy notices made available to you during the recruitment process.
Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to resolve any enquiries or complaints. Where you are applying for a job, work placement, or internship, you will be asked to provide certain additional information, for example about your education, employment history, and right to work, pursuant to a specific privacy notice for job candidates.
This information is required to enter into a contract with you (e.g., in anticipation of an employment contract or a services agreement) or provide services at your request, and failure to provide any information may result in our inability to provide requested solutions or services or consider your application for employment.
We may also obtain business contact information about you from third parties, including publicly accessible sources.
INFORMATION PROVIDED TO US BY CUSTOMERS
When our customers purchase our authentication and anti-fraud solutions, they may provide us with your personal data and ask us to process that data at their direction, as a processor on their behalf. This personal data may include a telephone number and it may include data elements extracted from the audio portion of your calls with the customer’s service center. Where we are acting as a processor to our customers, our customer’s privacy notice and/or their agreement with you will dictate the scope and manner of processing. Customers may also provide us with telephone numbers of customer users when customers have confirmed that the numbers were used to defraud or attempt to defraud customers, so that we may use the numbers to provide services to other customers.
COOKIES AND TRACKING MECHANISMS
USE OF PERSONAL DATA
The following is an overview of our purposes for using your personal data. Additional details on how we process your personal data may be provided to you in a separate notice or contract.
All processing (i.e., use) of your personal data is justified by a legal basis for processing. In addition, processing of sensitive personal data is always specifically justified.
We use the personal data we collect for the following purposes, justified by the following legal bases:
- Processing is necessary to perform a contract with you or take steps to enter into a contract at your request: to process and complete certain transactions involving the Site, and more generally transactions involving Pindrop’s solutions and services; to engage you about events, promotions, the Site, and Pindrop’s solutions and services; to provide you with documentation or communications which you have requested; to correspond with users to resolve their queries or complaints; to support and manage a recruitment, work placement, or internship process, including considering applications and making offers; to provide you with any solutions or services you request.
- Processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using supplier, customer, customer client, customer user, and website user data to conduct and develop our business activities with them and with others: to operate, evaluate, maintain, improve, and develop the Site (including by monitoring and analyzing trends, access to, and use of the Site for advertising and marketing); to evaluate, improve, and develop our solutions and services generally; to customize our Site to users’ needs; where not otherwise required by European Union (“EU”) or UK law (as applicable), to protect and ensure safety of the Site, Pindrop confidential and proprietary information, and Pindrop employees; to provide our anti-fraud solution and service based on telephone numbers customers have confirmed as having been used by customer users to defraud or attempt to defraud them; to manage, protect against, and investigate fraud, risk exposure, claims, and other liabilities (including potential or actual disputes), including but not limited to violation of our contract terms or laws or regulations; to prepare for or participate in a potential or actual sale or merger of our company or any of our assets, or those of any affiliated company, or any financing thereof; personal data held by use about our users may be one of the transferred assets.
- You have consented to the processing: to send you marketing communications, where your consent is required by law.
- Processing is necessary for us to comply with a relevant EU or UK legal obligation: to protect and ensure safety of the Site, Pindrop confidential and proprietary information, and Pindrop employees; to manage, protect against, and investigate fraud, risk exposure, claims, and other liabilities (including potential or actual disputes), including but not limited to violation of our contract terms or laws or regulations.
SHARING OF PERSONAL DATA
From time to time, it will be necessary to share your personal data with our related entities. Pindrop may also appoint third-party service providers (who will operate under our instructions) to assist us in providing information, solutions or services to you, in conducting and managing our business, or in managing and improving our solutions, services, or the Site. Pindrop may share your personal data with these related entities and third-party service providers to perform services that these parties have been engaged by Pindrop to perform on Pindrop’s behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or we believe that the disclosure will further an investigation of suspected or actual illegal activities.
Pindrop reserves the right to share any information that you provide that is not deemed personal data or is not otherwise subject to contractual restrictions.
Your personal data is transferred outside the EU or UK to other Pindrop group companies and to third-party service providers located in the EU, US, UK and —-, the US [and —-] have not received an adequacy decision from the European Commission; the UK received such an adequacy decision in June 2021. When we transfer your data outside the EU or UK, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU or UK, including by entering into data transfer agreements, or using the European Commission-approved Standard Contractual Clauses or their UK equivalent. For transfers to Pindrop in the US, we rely on European Commission-approved Standard Contractual Clauses, which protect personal data transferred between Pindrop entities. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU or UK by contacting [email protected].
We may share your personal data with third parties in connection with potential or actual sale or merger of our company or any of our assets, or those of any affiliated company (in which case personal data held by us about our users may be one of the transferred assets) or in connection with a financing.
RETENTION OF PERSONAL DATA
We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. We typically retain certain elements of your personal data for a period of time corresponding to a statute of limitation, for example to maintain an accurate record of your dealings with us, such as pursuant to a contract so that we can raise or defend a legal claim. In some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal requirements, where it is necessary for the establishment, exercise or defense of legal claims, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Subject to applicable law and as explained in this section, you have certain rights with respect to your personal data.
- Right of Access, Rectification, and Erasure. You have the right to request access to and obtain a copy of any of your personal data that we may hold, to request correction of any inaccurate data relating to you, and to request the deletion of your personal data under certain circumstances.
- Right to Withdraw Consent. Where applicable, you have the right to withdraw your consent to the processing of your personal data at any time (without affecting the lawfulness of processing based on your consent before your withdrawal). For example, if you wish to opt out of receiving electronic marketing communications, use the ‘unsubscribe’ link provided in our emails or otherwise contact us directly and we will stop sending you such communications.
- Data Portability. Where we are relying upon your consent as the justification for processing, or the fact that the processing is necessary to perform a contract to which you are party, or to take steps at your request prior to entering a contract and the personal data is processed by automated means, you have the right to receive all such personal data which you have provided us in a structured, commonly used, and machine-readable format and also to require us to transmit it to another controller where this is technically feasible.
- Right to Restriction of Processing. You have the right to restrict our processing of your personal data (that is, allow only its storage) where:
- you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the personal data;
- where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise, or defense of legal claims; or
- where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.
Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise, or defense of legal claims.
- Right to object to processing (including profiling) based on legitimate interest grounds. Where we are relying upon legitimate interests to process personal data, you have the right to object to that processing on grounds relating to your particular situation. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or we need to process the personal data for the establishment, exercise, or defense of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds but we will consider each case on an individual basis.
- Right to object to direct marketing (including profiling). You have the right to object to our use of your personal data (including profiling) for direct marketing purposes, such as when we use your personal data to invite you to our events.
Please contact us as indicated in “GDPR Contact Information” section if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal data.
You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law.
CHANGES TO THIS GDPR PRIVACY NOTICE
Any changes or updates we may make to this notice will be posted on this page in advance. If we have your email on file, as described in the “Use of Personal Data” section, we will notify you in advance of any changes to this notice that are material or may impact you. For other changes, please check back frequently to see any updates or changes to this notice.
Prior versions of Pindrop’s privacy statements can be made available upon request by emailing [email protected].
GDPR CONTACT INFORMATION
Pindrop Security, Inc.
1115 Howell Mill Road, Suite 700
Atlanta, GA 30318
UK and EEA Representatives for Pindrop:
- Pindrop Security UK Ltd
201 City Road, 2nd Fl.
Old Street Works
London, England EC1V 1JN
- Pindrop Security SAS
3-5 rue Saint-Georges,
75009 Paris, France
GDPR Data Protection Officer: Rehan S. Haque, CIPP/EU, CIPM
If you have any questions in relation to this notice or you wish to exercise any of your rights, please contact us at: [email protected]
Effective Date: March 1, 2022