GDPR Privacy Notice


INTRODUCTION

Pindrop (“Pindrop,” “We,” “Us”) believes it is important that you understand how Pindrop collects, stores, shares, and uses information from and about our website visitors, customers, and vendors. This GDPR Privacy Notice (“notice”) provides additional information about our collection, use, and disclosure of personal data collected through the Site or in the course of our business activities conducted in the European Economic Area and the United Kingdom when our processing is governed by the General Data Protection Regulation (“GDPR”). For the purposes of this notice, “personal data” will have the same meaning as adopted by the GDPR, defined as any information relating to an identified or identifiable natural person. This notice does not apply to the information collected, stored, shared, or distributed by third-party sites. This notice may be updated from time to time.

INFORMATION WE COLLECT AUTOMATICALLY

When you visit our Site, our server automatically collects certain browser or device-generated information which may, in some cases, constitute personal data, including but not limited to, the following:

  • your domain;
  • your IP address;
  • the date, time, and duration of your visit;
  • your browser type;
  • your operating system;
  • your page visits;
  • information from third parties;
  • other information about your computer or device; and
  • Internet traffic.

We do not use this automatically collected information to try to identify you by name, and we do not associate it with the information you provide voluntarily, as detailed below.

INFORMATION YOU PROVIDE

In order to access or use certain portions of the Site or enjoy the full functionality of the Site, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us in the following ways:

  • by filling in forms (e.g., a ‘Contact Us’ form) on our Site, at a trade show, or anywhere else we conduct business;
  • by downloading documentation from our Site;
  • by subscribing to newsletters or other communications;
  • by corresponding with us by phone or e-mail or by otherwise using our contact details; or
  • by applying for a job, work placement, or internship over our recruitment platform, in relation to which you should also refer to the specific privacy notices made available to you during the recruitment process.

Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to resolve any enquiries or complaints. Where you are applying for a job, work placement, or internship, you will be asked to provide certain additional information, for example about your education, employment history, and right to work, pursuant to a specific privacy notice for job candidates.

This information is required to enter into a contract with you (e.g., in anticipation of an employment contract or a services agreement) or provide services at your request, and failure to provide any information may result in our inability to provide requested solutions or services or consider your application for employment.

We may also obtain personal data about you from third parties, including publicly accessible sources.

INFORMATION PROVIDED TO US

When our customers purchase our authentication and anti-fraud solutions, they may provide us with your personal data and ask us to process that data at their direction, as a processor on their behalf. This personal data may include a telephone number and it may include data elements extracted from the audio portion of your calls with the customer’s service center. Where we are acting as a processor to our customers, our customer’s privacy notice and/or their agreement with you will dictate the scope and manner of processing. Customers may also provide us with telephone numbers they have confirmed as having been used to defraud or attempt to defraud them so that we may use them to provide services to other customers.

COOKIES AND TRACKING MECHANISMS

Our Site uses cookies and other tracking mechanisms. More information about our use of these mechanisms can be found in our cookie notice available here.



USE OF PERSONAL DATA

The following is an overview of our purposes for using your personal data. Additional details on how we process your personal data may be provided to you in a separate notice or contract.

All processing (i.e., use) of your personal data is justified by a legal basis for processing. In addition, processing of sensitive personal data is always specifically justified.

We use the personal data we collect for the following purposes, justified by the following legal bases:

  • Processing is necessary to perform a contract with you or take steps to enter into a contract at your request: process and complete certain transactions involving the Site, and more generally transactions involving Pindrop’s solutions and services; engage you about events, promotions, the Site, and Pindrop’s solutions and services; provide you with documentation or communications which you have requested; correspond with users to resolve their queries or complaints; support and manage a recruitment, work placement, or internship process, including considering applications and making offers; provide you with any solutions or services you request.
  • Processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using supplier, customer, customer client, customer user, and website user data to conduct and develop our business activities with them and with others: operate, evaluate, maintain, improve, and develop the Site (including by monitoring and analyzing trends, access to, and use of the Site for advertising and marketing); evaluate, improve, and develop our solutions and services generally; customize our Site to users’ needs; where not otherwise required by European Union (“EU”) law, protect and ensure safety of the Site, Pindrop confidential and proprietary information, and Pindrop employees; provide our anti-fraud solution and service based on telephone numbers customers have confirmed as having been used to defraud or attempt to defraud them; manage, protect against, and investigate fraud, risk exposure, claims, and other liabilities, including but not limited to violation of our contract terms or laws or regulations.
  • You have consented to the processing: send you marketing communications, where your consent is required by law.
  • Processing is necessary for us to comply with a relevant legal obligation: protect and ensure safety of the Site, Pindrop confidential and proprietary information, and Pindrop employees; manage, protect against, and investigate fraud, risk exposure, claims, and other liabilities, including but not limited to violation of our contract terms or laws or regulations.

DISCLOSURE OF PERSONAL DATA

From time to time, it will be necessary to share your personal data with our related entities. Pindrop may also appoint third-party service providers (who will operate under our instructions) to assist us in providing information, solutions or services to you, in conducting and managing our business, or in managing and improving our solutions, services, or the Site. Pindrop may share your personal data with these related entities and third-party service providers to perform services that these parties have been engaged by Pindrop to perform on Pindrop’s behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or we believe that the disclosure will further an investigation of suspected or actual illegal activities.

Pindrop reserves the right to share any information that you provide that is not deemed personal data or is not otherwise subject to contractual restrictions.

If your personal data is transferred outside the EU to other Pindrop group companies or to third-party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission-approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield. For transfers to Pindrop in the US, we rely on European Commission-approved Standard Contractual Clauses, which protect personal data transferred between Pindrop entities. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting [email protected].

We may share your personal data with third parties in connection with potential or actual sale or merger of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets.

YOUR RIGHTS

Subject to applicable law and as explained in this section, you have certain rights with respect to your personal data.

  • Right of Access, Rectification, and Erasure. You have the right to request access to and obtain a copy of any of your personal data that we may hold, to request correction of any inaccurate data relating to you, and to request the deletion of your personal data under certain circumstances.
  • Right to Withdraw Consent. Where applicable, you have the right to withdraw your consent to the processing of your personal data at any time. For example, if you wish to opt out of receiving electronic marketing communications, use the ‘unsubscribe’ link provided in our emails or otherwise contact us directly and we will stop sending you such communications.
  • Data Portability. Where we are relying upon your consent as the justification for processing, or the fact that the processing is necessary to perform a contract to which you are party, or to take steps at your request prior to entering a contract and the personal data is processed by automated means, you have the right to receive all such personal data which you have provided us in a structured, commonly used, and machine-readable format and also to require us to transmit it to another controller where this is technically feasible.
  • Right to Restriction of Processing. You have the right to restrict our processing of your personal data (that is, allow only its storage) where:
    • you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
    • where the processing is unlawful but you do not want us to erase the personal data;
    • where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise, or defense of legal claims; or
    • where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.

Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise, or defense of legal claims.

  • Right to Lodge a Complaint. You have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law.
  • Right to object to processing (including profiling) based on legitimate interest grounds. Where we are relying upon legitimate interests to process personal data, you have the right to object to that processing on grounds relating to your particular situation. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or we need to process the personal data for the establishment, exercise, or defense of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds but we will consider each case on an individual basis.
  • Right to object to direct marketing (including profiling). You have the right to object to our use of your personal data (including profiling) for direct marketing purposes, such as when we use your personal data to invite you to our events.

Please contact us as indicated in “GDPR Contact Information” section if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal data.

CHANGES TO THIS GDPR PRIVACY NOTICE

Any changes or updates we may make to this notice will be posted on this page in advance. If we have your email on file, as described in the “Use of Personal Data” section, we will notify you in advance of any changes to this notice that are material or may impact you. For other changes, please check back frequently to see any updates or changes to this notice.

GDPR CONTACT INFORMATION

If you have any questions in relation to this notice or you wish to exercise any of your rights, please contact us at: [email protected]

Effective date: April 2, 2020