At Riskified, Inc., together with our affiliates, “Riskified”, “we”, “our”, or “us”), we provide online merchants (“Merchants”) with a service that helps them to prevent fraudulent online transactions (the “Fraud Prevention” service). We also may provide you with an alternative payment service (the “Deco” service) that allows you to finalize your purchase with a Merchant even when your original payment method is declined by the Merchant. You may now or in the future place an order with such a Merchant.
Merchants integrate our Fraud Prevention and Deco services on their eCommerce websites and mobile apps, where consumers like you place orders (“eCommerce Platforms”). This requires us to collect personal data from you to provide Fraud Prevention services to the Merchant and/or to provide Deco services to you.
Please note that this Policy does not cover the practices or policies of Merchants, the eCommerce Platform(s), or any other party that may have access to your personal information. To the extent that we provide your personal information to our agents or service providers, we will take what we believe to be commercially reasonable steps to ensure that they safeguard such information and use it only for the intended purposes. However, we are not responsible for the practices employed by any third party website that we may link to, nor for the information or content contained therein. We encourage you to review the privacy statements of such other websites to understand their information practices and terms of service.
You are not obligated by law to provide us with your personal data, but an eCommerce Platform may require that you provide us with your personal data in order for it to be able to consider or process the order you place, or to be able to provide the Deco service.
Transaction Data. When you place an order with the eCommerce Platform, we collect various data regarding your transaction, such as your name, email, the items you purchased, price paid, shipping information and basic information from your account on the eCommerce Platform (if you are registered with an account there). We also collect basic information about your payment and billing method, but we do not collect or keep your complete credit card number. For Deco verification and payment purposes, we may also collect your date of birth, login credentials for online access to your bank account, your bank routing number, and bank account number. This transaction data collected for Deco verification and payment purposes is encrypted prior to being sent to our payment service providers and thereafter not retained or used by Riskified.
Device data. We collect information about the personal computer or mobile device you use to access the eCommerce Platform, including its model, its operating system, unique device identifiers, browser type, mobile network information and the Internet Protocol (“IP”) address through which you accessed the eCommerce Platform.
Geo-location data. If you use the eCommerce Platform’s mobile app, we collect your precise geo-location when you actively use the app. If you use the eCommerce Platform’s website we will collect your town-approximate geo-location.
Analytical data. We collect analytical data about your use of the eCommerce Platform. For example, we collect the frequency of your access to the eCommerce Platform, the pages and items on the eCommerce Platform that you viewed or interacted with.
Cookies. We may use “cookies” to collect some of the preceding information. A cookie is a piece of data stored on your hard drive to help us improve your access to our Website and identify repeat visitors to the Website. For instance, when we use a cookie to identify you, you would not have to log in a password more than once. Cookies also can enable us to track and target the interests of our users to enhance the experience on our site. Cookies also may be used to limit the number of times you are shown a particular ad.
From time-to-time, we may engage third parties to track and analyze non-personally identifiable usage and volume statistical information from individuals who visit our Services.
You also may see advertisements when you use our Site. These advertisements are for our own products or services or for products and services offered by third parties. Which advertisements you see is often determined using the information that we, our service providers, and other companies that we work with have about you, including information about your relationships with us. To that end, where permitted by applicable law, we may share with others the information that we collect from and about you.
Cross-references. We also cross-reference, verify and enhance the accuracy of the data outlined above, using third party sources such as online search engines, online ‘white pages’ and online mapping services.
Inquiries. If you contact us for questions or complaints, we will collect the information related to your inquiry. This may include your name, email address, postal address, telephone number and other contact information, depending on the nature of your inquiry.
We, as a data controller, process your personal data pursuant to our legitimate interests while Merchants may, where relevant, rely on legitimate interests or consent to process your personal data.
We use the information we collect for the following purposes:
We may share the information outlined in this Policy with others, in the following instances:
The eCommerce Platform may, in its own discretion, use Fraud Prevention to make a decision on whether to accept or decline your order, based solely on automated processing. Please direct inquiries concerning the decision about your order to the eCommerce Platform.
If the law grants you such rights, you may ask to access the personal information about you that is stored in our systems. You may also ask for our confirmation as to whether or not we process personal data concerning you.
Subject to the limitations in law, you may request that we update, correct or delete inaccurate or outdated information, and have us suspend the use of personal data whose accuracy you contest while we verify the status of that data.
Subject to law, you may also be entitled to obtain from us the personal data you directly provided us (excluding data we obtained from other sources) in a structured, commonly used and machine-readable format, and may have the right to transmit those data to another party.
If you wish to exercise any of these rights, contact us at: firstname.lastname@example.org. When handling these requests, we may ask for additional information to confirm your identity and your request.
We may use the information we collect, as outlined above, to compile anonymized or de-identified information. We may share such anonymized or de-identified information with any other third party, at our sole discretion. However, we will not knowingly or intentionally share information that can be reasonably used to reveal your identity except as provided in this Policy.
We care about the security of your information and use what we believe to be commercially reasonable safeguards to preserve the integrity and security of personal information.
Please be advised, however, that no security measure, system, or control is infallible. We accordingly do not guarantee that personal information may not be accessed, disclosed, altered, or destroyed and disclaim any express or implied warranties, duties or conditions in that regard. If any applicable law imposes on us a duty with respect to these matters that cannot be disclaimed, you acknowledge and agree that our commercially reasonable precautions shall be considered to satisfy that duty unless (and only unless) we have engaged in willful misconduct.
In the event that the security of any personal information under our control is compromised, we will take reasonable steps to investigate and mitigate the situation, including, when and where appropriate, by notifying those individuals whose personal information may have been compromised and taking other steps in accordance with applicable laws and regulations.
We retain the personal data we collect only for as long as needed in order to provide the Fraud Prevention, Deco, or newly developed services under this Policy and compliance with applicable laws. We then either delete from our systems or anonymize it, without further notice to you.
We do not knowingly collect personal data from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, he or she should contact us at email@example.com. If we become aware that a child under the age of 13 has provided us with personal data, we will delete such information from our files.
We may modify or update this Policy from time to time to reflect the changes in our business and practices. We encourage you to review this Policy whenever you use our services in order to stay informed about our information practices.
To the extent not prohibited by law, any amendment or update to this Policy will apply to personal information that we already have collected and to any personal information that we subsequently may obtain. When required by applicable law, however, we may provide you with advance notice of any changes to this Policy and with an opportunity to object to such changes. If you exercise your right to object, the changes will not become effective with respect to your personal information, but your ability to use our services may be terminated or impaired. We will explicitly notify you of the consequences of objection or non-objection to the extent and in the manner required by law.
We do not respond to browsers’ “Do Not Track” requests.
You may have a right to submit a complaint to the relevant supervisory data protection authority, pursuant to the law.
You may contact us with any questions or comments, at: firstname.lastname@example.org. Our postal address is: 30 Kalisher Street, Tel Aviv, Israel, postal code 6525724.
Effective date of the policy: [DATE]
Last Updated: May 15, 2019
This notice applies to a U.S. consumer’s use of the Deco service to complete a transaction on a Merchant’s eCommerce Platform for personal, family, or household purposes.
WHAT DOES RISKIFIED DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
All financial companies need to share personal information to run their everyday business. In the section below, we list the reasons financial companies can share their personal information; the reasons Riskified chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does Riskified share?
Can you limit this sharing?
For our everyday business purposes —such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
For our marketing purposes — to offer our products and services to you
For joint marketing with other financial companies
We don’t share
For our affiliates’ everyday business purposes — information about your transactions and experiences
For our affiliates’ everyday business purposes — information about your creditworthiness
For our affiliates to market to you
For nonaffiliates to market to you
We don’t share
Go to www.decopayments.com.
How does Riskified protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Riskified collect my personal information?
We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
For California Residents
We will not share personal information with affiliates or nonaffiliates except as permitted by California law, such as to process your transaction or with your consent.
For Vermont Residents
We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. Additional information concerning our privacy policies can be found at www.decopayments.com.