Effective Date: December 1, 2020
This Privacy & Cookies Policy is also available in: Danish (Dansk), Dutch (Nederlandse), European French (Européen Français), Finnish (Suomen), French Canadian (Français Canadian), German (Deutsch), Italian (Italiano), Norwegian (Norsk), Polish (Polska), Portuguese (Portugues), Spanish - Latin America (Español – America Latina), Spanish - Spain (Español - España), Swedish (Svenska), and Turkish (Türk).
This Privacy and Cookies Policy applies to all ‘personal information’ (in some countries referred to as ‘personal data’) collected from subscribers (individual – and corporate) in connection with our Dark Web Monitoring, Social Media Monitoring and/or Identity Restoration services, (“Services”) and your access to our Web Portal. It sets out what personal information we collect, use, share and secure or otherwise process about you, the reasons for this processing and the lawful basis for it in the course of providing the Services and your choices regarding use, access, correction and other rights in relation to your personal information.
We mean individuals applying either directly to us for our services, or to services offered by a client of ours who has arranged that the subscriber can use some or all of our services (“Client”). This might include children whose personal information is provided to us by subscribers (or by our Client), in connection with our Dark Web Monitoring Service (“Family Subscription”).
We mean employees, partners and directors (“Staff”) of businesses outside of the United States, where the business is a subscriber applying to use our Services.
together “you” and “your” for the purpose of this Privacy & Cookies Policy.
Not all of our Services are available to all subscribers. You should read this Privacy and Cookies Policy carefully to understand how we process your personal information in relation to the Services you use.
Although that company acts on behalf of us the processing of your personal information is carried out by us as described in this Policy.
Please refer to the version of this Privacy and Cookies Policy that we have developed for children in the Experian Privacy and Cookies Policy (version for children) – Dark Web Monitoring Service section below.
When we refer to Experian in this Privacy and Cookies Policy we mean CSIdentity Corporation, Inc, an Experian company and also known as Experian Partner Solutions, with its principal office at 1501 South Mopac Expressway, Suite 200, Austin, TX 78746, United States (hereinafter “Experian”, “we”, “us” and “our” for the purposes of this Policy)
Experian is part of a group of companies whose parent company is listed on the London Stock Exchange (EXPN) as Experian plc. The Experian group of companies has its corporate HQ in Dublin, Ireland, and its operational HQs in Costa Mesa, California and Nottingham, UK. You can find out more about the Experian group on our website at www.experianplc.com.
Experian, as your Controller respects the privacy and values the confidence, of our subscribers. The term “Controller” is used in European Union (“EU”) data privacy law meaning that we are responsible for determining how and why your personal information is processed. Data privacy laws in many other regions have a similar responsibility role and therefore we use this term ‘Controller’ in this Privacy and Cookies Policy to include the equivalent term/concept in other applicable data privacy laws.
By using the Services, you acknowledge and agree that you have read and understood the personal information practices described in this Privacy and Cookies Policy. If you do not agree, please do not use the Services.
In order to provide the Services, we ask that you provide certain personal information from which you can be identified. The personal information requested will differ depending upon which of our Services you are using, as set out below. In limited circumstances, this may include special category or sensitive personal information. We may also collect or create personal information about you in the course of performing our Services, operating our Web Portal, operating our business and complying with legal obligations. The descriptions of our processing of personal information below which are relevant to you are those which relate to the Services you use.
Our Web Portal is the gateway via which you can access our other Services, to the extent you are entitled to use those other Services. If you are entitled to access the Web Portal, you will have been provided with an activation code by our relevant third party Client who has arranged for you to use our Services, or that Client will have provided alternative registration webpages to establish the entitlement to receive the relevant Services we provide. In this initial set up process you will create an account log-in, set a password and provide your name and email address – all of which will constitute personal information about you (“Account Set Up Data”). We will collect this Account Set Up Data directly from you or, where relevant, from our Client. We will use this Account Set Up Data to enable you to access the Web Portal on subsequent visits.
This Service is available to all subscribers to our Services. In order to provide this Service to you we collect compromised personal information from a number of different internet sources upon which compromised information is shared (e.g. forums and/or social media groups for sharing compromised information) and hold it on our database (the “Database”).
The personal information which, you (or they) may provide to us (via our Web Portal) in order for us to search for matches in our Database may include some or all of the following:
Where you have provided us with the above personal information, and we find matches in our Database, we will send you an alert (via email) to notify you of that.
Where you are an EU/United Kingdom (“UK”) resident, please also see the section in relation to Special Category Personal Information processed by us in relation to this Service.
Not all subscribers are eligible to receive this Service. If you are eligible and want to use this service you will need to provide us with your relevant social media account log-in credentials (log-in details and password via a widget). Please note that this Service will be set to “off” by default until you enter the details referred to above and select “on”. Once activated, we will access your relevant social media account/s to monitor the content of your relevant social media profiles and alert you (via email) to privacy and/or reputational risks to you, based on the content of your profile and/or postings made by you on your profile wall (including recommended steps for you to take to address those risks, for example, removing certain wall posts or removing information from your profile).
Privacy risks include making available your personal information which could be used by other people to impersonate you. Reputational risks are identified by searching the written content (not photographs) of wall posts for matches against our dictionary of terms which may present you with a reputational risk. The content of your profile and, in certain circumstances, the wall posts on your profile may constitute your personal information (for example, your name, contact details, interests, opinions and beliefs). We will collect this personal information indirectly from you when monitoring your social media profile/wall posts to identify privacy and/or reputational risks as detailed above. The monitoring undertaken by us in order to provide this Service to you will continue until you turn it “off”, which you can do at any time. You have the option to turn monitoring “on” and “off” for each of your social networks individually.
Where you are an EU/UK resident, please also see the section in relation to Special Category Personal Information processed by us in relation to this Service.
Not all subscribers are eligible to receive this Service. For subscribers who are eligible to receive this Service, in combination with our other Services described above, we may provide you this Identity Restoration Service. Depending on your level of eligibility for this Service, the Identity Restoration Service: (i) could be limited to providing you with advice accessible via the Web Portal in relation to steps you can take to protect your identity and address any risks identified; or (ii) additionally may include providing you (at your request, and where your service entitlement or subscription covers this element of this Service) with assistance via a helpline, where our identity restoration advisors can: (a) advise you in relation to steps you should take;
or (b) at your request (and where your service entitlement or subscription covers this element of the Service), take steps on your behalf to communicate with other parties about restoring the integrity of your identity. Where you discuss restoration with one of our identity restoration advisors (via our helpline), we may collect further personal information from you which you provide to us, in order to provide this Service to you (for example, which relevant service provider(s) you use and how to contact them in order to take steps to restore your identity).
We may collect Special Category Personal Information via the Dark Web Monitoring or Social Media Monitoring Services. “Special Category Personal Information” under applicable data privacy law means personal information which reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying you, data concerning your health or data concerning your sex life or sexual orientation or is otherwise a category of information for which explicit consent is required to allow us to process this information under applicable local law.
Unless you are a child or a Staff member of a business subscriber, you are responsible for the accuracy of the information that you provide (including in relation to your child or Staff member, where applicable), and you agree that any discrepancies or inconsistencies with the information you provide may result in your (or their) identity not being validated, which may prevent access to all or some of our Services. In addition, providing us with inaccurate information may mean that you will not receive the benefit of the Service – for example, if you wish to use the Dark Web Monitoring Service and you provide us with an inaccurate passport number for matching against the Database, we will not be able to check the correct passport number against the Database or alert you of any matches.
We use your personal information to provide you with the Services which you are entitled to and have requested.
To enable you to set a log-in to the Web Portal in order to access our other Services.
To search our Database to determine whether any of your personal information has been compromised, and send you (or your parent/guardian or business employer, as appropriate) alerts about this where matches are found.
To search your nominated social media profile and/or wall posts to identify privacy and/or reputational risks, and send you alerts about risks we identify.
To provide you with advice about how to manage identity risks and, if you it forms part of your subscription, to take steps on your behalf and on your request.
We also collect, store and otherwise process personal information for the following purposes related to your use of the Services
In addition, we may also process your personal information for the following purposes:
We may convert your personal information into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data itself. We may then use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. We may share this statistical or aggregated data in several ways, including for the same reasons as we might share personal information, please read the relevant section on that sharing in this Privacy and Cookies Policy.
The processing of your personal information is undertaken on the basis of a number of different lawful conditions.
The processing of personal information for the following purposes:
is performed on the lawful basis that it is necessary in our legitimate interests and does not prejudice your rights, freedoms or personal legitimate interests. The legitimate interests that this is necessary for include providing (and improving and developing) Services which benefit our subscribers and Clients who have procured our Services on their behalf, undertaking tasks to enable that to happen and our businesses to function and protecting our business against legal and other risks.
The processing of personal information for the purposes of providing the Dark Web Monitoring and Social Media Monitoring Services is necessary for us to perform our contractual commitments to you and provide the Services.
The processing of your personal information for the purposes of keeping a record of alerts, to protect against a legal claim against us, for compliance with legal and regulatory purposes, or where we have a legal right or duty to use or disclose your information (including for crime and fraud prevention and related purposes) is necessary to comply with our legal obligations.
In some jurisdictions, in accordance with applicable data privacy law, the processing of your personal information (including Special Category Personal Information) for some or all of the purposes described in “What information do we collect and why” and “How do we use your information?”) must be conducted on the basis of your consent (whether you are providing this on your own behalf, or that of a child). Therefore, when registering to obtain the relevant Services from us, we ask that you provide your consent to the processing of your personal information. Where local data protection laws require consent our processing of your personal information is on the lawful basis of your consent. However, where consent is not required, we will process your personal information because either it is necessary in or legitimate interests, is necessary to enable us to perform the contract or it is necessary for us to comply with our legal obligations.
Where you are (or your child is, as relevant) an EU/UK resident, our lawful basis for processing the following personal information is based on your explicit consent, (given by you on your own behalf and/or as parent or guardian on behalf of your child as relevant).
To the extent that you provide Special Category Personal Information to us via the Dark Web Monitoring Service or it is contained on a compromised record along with this personal information, we may use it to:
The personal information of your child (including Special Category Personal Information belonging to your child - or any other category of information where explicit consent is required to allow us to process this information under applicable local law) which you (as a parent/guardian) provide to us via the Web Portal (or is contained on a compromised record along with this personal information) and which we use to:
This Service is not provided in relation to children.
Any Special Category Personal Information (or any other category of information where explicit consent is required to allow us to process this information under applicable local law) included on your social media profile or wall posts which are monitored by us in order to provide this Service and which we use to:
Please note that where your consent is requested as our lawful basis for processing you are entitled to refuse to give your consent or to withdraw it any time. Withdrawing your consent does not affect the lawfulness of our processing based on your consent before it was withdrawn. However, where your consent is necessary in order for us to process your personal information, by not providing your consent (or withdrawing it), we will not be able to process that information and, or provide the Services to you.
Where you are a Staff member of a business subscriber, our lawful basis for processing your personal information are that the processing is necessary in our legitimate interests or to comply with legal obligations
We will share your personal information with third parties only in the ways that are described in this Privacy and Cookies Policy or where otherwise permitted to do so by law.
In order for us to provide you with the Services and for the prevention and detection of fraud, we will share your personal information with third parties who perform services on our behalf, for example IT companies providing data storage, contact center providers (if you are eligible for the helpline element of our Identity Restoration Service) or other communications providers (for example who may send you email alerts if you are using the Dark Web Monitoring Service). These third parties are authorized to use your personal information only as necessary to provide such services to us.
In certain situations, we may disclose personal information in response to lawful requests by governmental and regulatory bodies, and other public authorities, including to meet regulatory, national security or law enforcement requirements (for example, in relation to investigations of crime). This may be because we are required by law to comply with our legal obligations, or where the disclosure is necessary in our legitimate interest or those of a third party.
We may also disclose your personal information (including as required by law), for example, to comply with a subpoena, or similar legal process, when we believe in good faith that the disclosure is necessary to protect our rights, protect your safety or the safety of others, to investigate fraud, or to respond to a government request.
In addition, in the event of a merger, acquisition, or any form of sale of some or all of our assets to a third party, we may also disclose your personal information to the third parties concerned or their professional advisors. In the event of such a transaction, the personal information held by us will be among the assets transferred to the buyer.
When you close your account with us, we may continue to process your personal information, to the extent permitted by applicable law, for the purposes detailed above (disclosures in relation to suppliers, government bodies, lawful disclosures and third parties).
Experian does not disclose your personal information in a form from which you can be identified to any affiliates within the Experian group (including its parent company), unless otherwise stated elsewhere in this Policy.
In other cases we process your personal information (e.g. Account Set Up Data) on behalf of a Client who is responsible for determining how and why we process it, in which case we will share such personal information with that Client.
The processing of your personal information will primarily be conducted on servers located in Ireland and the United States. However, some processing of your personal information (including by some of our third- party service providers) may be conducted on servers located in another jurisdiction, such as processing by the identity restoration advisors who are located in the Netherlands. We take appropriate steps to protect your personal information regardless of where it is stored. These include entering into contracts with third parties. If your personal information will be transferred to a country outside the United Kingdom or European Economic we will also ensure that the EU Commissions approved standard contractual clauses or some other adequacy mechanism (such as the Privacy Shield Framework in the US) is in place to protect it.
This section applies only where:
In the circumstances outlined, your personal information will be transferred by the Client (or Experian affiliate) to us in the United States, and we (Experian) will protect your personal information in accordance with the Privacy Shield Principles outlined below.
The United States Department of Commerce and the EU Commission have agreed on a set of data privacy principles and frequently asked questions (the “Privacy Shield Principles”) to enable United States companies, to satisfy the requirement under EU law that adequate protection be given to personal information transferred from the EU to the United States.
Experian participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Experian is committed to subjecting all personal information received in connection with the provision of identity theft protection and fraud prevention services from EU member countries (and the UK, during the UK’s transition period following its departure from the EU and any equivalent replacement framework as regards the UK after the expiry of such transition period), in reliance on the Privacy Shield Framework to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and our certification under the name of CSIdentity Corporation, Inc, please visit the United States Department of Commerce’s Privacy Shield List.
Experian is responsible for compliance with the Privacy Shield Principles in relation to the processing of personal information it receives in connection with the services described above, from EU (and UK) Clients, including where it subsequently transfers the personal information to a third party acting as an agent on its behalf. Experian complies with the Privacy Shield Principles for all onward transfers of personal information from the EU (and UK), including the onward transfer liability provisions.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Experian is subject to the regulatory enforcement powers of the United States. Federal Trade Commission. In certain situations, Experian may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our United States-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration, which is a private form of alternative dispute resolution, when other dispute resolution procedures have been exhausted.
Upon request, Experian will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please contact us at email@example.com.
In relation to how you can exercise your rights in relation to your personal information processed by us, please see the section below entitled “Your Rights – Including Access and Deletion”.
We may convert your personal information into statistical or aggregated form, so that you are not identifiable from it alone. Such statistical or aggregated information may be used for statistical analysis and administration purposes, including analysis of trends, carrying out actuarial work, tailoring services, risk assessment and analysis of costs and charges in relation to our Services.
Where lawful to do so, we may also share statistical or aggregated information with third parties such as Clients, prospective Clients and/or partners, our service and other third parties. Please note that statistical or aggregated information may be disclosed to other members of the Experian group – although the recipient of that information will not be able to identify you from that information alone. Examples include business intelligence reports based on aggregated consumer data across regions.
We take appropriate steps to protect the personal information we process about you (for example, encrypting personal information where appropriate).
When you submit personal information to us through our Web Portal or otherwise communicate with us, you should be aware that your personal information is transmitted across the internet and that no method of transmission over the internet is 100% secure. Although we take reasonable security measures to protect your personal information when we receive it, you also need to ensure you take appropriate steps to protect your personal information.
Please note that marketing communications are not the same as information only or service communications and that consents are not usually required in order for us to communicate with you about the Services you have requested, using contact details you have provided for this purpose.
Your personal information will not be kept for longer than is necessary to fulfill the specific purposes outlined in this Privacy and Cookies Policy and to allow us to comply with our legal requirements, including, without limitation, any tax and commercial obligations, as well as respond to potential legal claims. We retain certain personal information in connection with the Dark Web Monitoring Service for 25 years from the date of first collection to enable us to more effectively provide this service.
The criteria we use to determine data retention periods include the following:
We may keep your personal information for a reasonable period after you have enquired about Services, in case of follow up queries from you (or your parent/guardian or business employer, where applicable). Examples of personal information falling within this category are data from product alerts, documents received for ID verification, Account Set Up Data transaction history, correspondence, call notes and personal information submitted for monitoring.
We may keep your personal information for the period in which you (or your parent/guardian or business employer, where applicable) might legally bring claims against us if and to the extent this is relevant. Examples of such personal information are transactional and Account Set Up Data.
Where we are required to keep your personal information to comply with legal and/or regulatory requirements, we will store it for the length of time which we are required to in order to comply with such legal or regulatory requirements (unless we already keep it for a longer period in line with the other reasons stated in this section). Examples of such personal information is transactional (including credit card data for ID verification) and Account Set Up Data.
We will continue to store personal information, where necessary, to provide our Services to you (or your parent/guardian or business employer, where applicable) and the retention of such personal information is necessary for the purposes of pursuing our legitimate interests. An example of this type of personal information is information collected in connection with the Dark Web Monitoring Service. This is retained for 25 years from the date of first collection. We keep this information for 25 years because it is necessary to ensure that the Dark Web Monitoring Service is fit for purpose. This is because the Dark Web Monitoring Service relies on observing and analyzing historical records in order to detect if such records have been compromised. Compromises from many years ago can have current impacts for enduring data records.
We review and cleanse the personal information we hold annually to ensure that we only keep what is necessary in order to provide our service and assist our subscribers., You should be aware however that, although reasonable efforts will be taken, it may not always be possible to completely remove or delete all of your personal information from our databases because of back-ups and other technical reasons. Where this is the case, we will take steps to ensure that your personal information is suppressed in order to render it unusable.
We, and the third parties we engage to perform analytics services:
We may combine the information we have automatically collected from you with other information we collect about you. We do this to improve services we offer you, for functionality and analytics and to develop new products and services.
We use session-based cookies in order to store language and other country-specific preferences such as support contact information. We may also utilize cookies in order to track internal metrics of site usage.
A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our site.
You can remove persistent cookies by following directions provided in your internet browser’s “help” file. You can choose to accept or decline cookies. Most internet browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the Services.
The following are some examples of information we may collect:
In connection with the use of the Services, for example during the enrolment process or upon log-in to the Web Portal, information about your computer, such as the device ID and other accompanying technical information, will be accessed, stored and used by us or our service provider solely to analyze trends, track users’ movements on the Services, and to gather demographic information about the user base as a whole. If you access the Services through a mobile device, we also may collect information about your device, such as the device ID or another identifier as permitted by the manufacturer.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
Third parties with whom we partner to provide certain features on our website also use HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5.
Our Web Portal and Services may contain links to other web sites of interest. However, once you click these links to leave our site, you should be aware that we do not have any control over that other web-site and cannot be responsible for the protection and privacy of any personal information that you provide while visiting such sites. You should exercise caution and look at the privacy statement applicable to any other website you visit as this one will not apply.
It is important that you understand your rights in relation to your personal information and how you can contact us if you have questions or concerns. These rights include amongst others described below the right to obtain confirmation as to whether or not your personal information is processed by us as a Controller and the right to request access to your personal information. In order for us to comply with such a request, we may require you to prove your identity to us, and the relevant requirements may vary from country to country.
In addition to the right of access (above) and subject to applicable law, you also have the right to:
To exercise any of your rights (as listed above), including to request the erasure/deletion of your information, please contact us through one of the methods listed below under the section entitled “How to contact us to exercise your rights”. Please note that these rights do not always apply and the timescales for complying may vary depending on which applicable data protection laws apply to our processing of your personal information. . If you make a request to us, we will confirm whether that right applies to the personal information we hold about you and, if so, what timescales apply to our response under the applicable law.
Alternatively, if your (or your child’s or business Staff member’s) personally identifiable information changes, or if you no longer desire our Services, you may correct, update, amend, or deactivate it by making the change on our subscriber profile page within the Web Portal (to the extent you are a subscriber) or by contacting us through one of the methods listed below
Furthermore, and in the event that you feel that we have not satisfied our obligations under data protection laws, you have the right to complain to your local data protection authority.
Where we process your personal information (e.g. Account Set Up Data) on behalf of a Client (and it is the Client who is responsible as Controller for determining how and why we process it) to exercise your rights in relation to any of your personal information processed by us on behalf of the relevant Client, your request should be sent to the Client who is providing you with access to our Services.
If you are a resident of an EU country (or the UK) and wish to exercise any of your rights in respect of your personal information, or if you have questions, comments, and/or complaints regarding this Privacy and Cookies Policy or how we collect, transmit, and process data please contact us by:
MAIL: Experian, 1501 S. Mopac Exp, Suite 200, Austin, TX 78746, USA
If you are a resident of a non-EU country and wish to exercise any of your rights in respect of your personal information, or if you have questions, comments, and/or complaints regarding this Privacy and Cookies Policy or how we collect, transmit, and process data please contact us by email or mail:
MAIL: Experian, 1501 S. Mopac Exp., Suite 200, Austin, TX 78746, USA
In order to ensure that we comply with the requirements of this Privacy and Cookies Policy we will conduct audits both internally and using this party organisations. In addition, if necessary, we will cooperate with an independent third party as a means of providing you with a mechanism by which any complaints and disputes can be investigated and satisfactorily remedied.
We reserve the right to change this Privacy and Cookies Policy. You can determine when this Privacy and Cookies Policy was last revised by referring to the “Effective Date” at the top of this Privacy and Cookies Policy. Any changes to our Privacy and Cookies Policy will become effective upon our posting of the revised Privacy and Cookies Policy. Use of the Services following such changes constitutes your acknowledgement and agreement that you have read and understood the revised Privacy and Cookies Policy then in effect. Therefore, we encourage you to review this Privacy and Cookies Policy for changes from time to time by visiting the following www.experian.com/privacy/csid-global-privacy-policy.
We are CSIdentity Corporation, Inc, an Experian Company and also known as Experian Partner Solutions, and we provide services which help protect people’s information. Our office address is: 1501 South Mopac Expressway, Suite 200, Austin, TX 78746, United States.
Personal information is any information that can be used to identify you, such as what you look like (a photo), where you live, how old you are, your email address and your phone number.
Some people use the internet to buy and sell things against the law. For example people steal personal information about other people and sell it on the internet for money. This could be information about your identity. Where someone has this information they can pretend to be you.
Our Dark Web Monitoring Service carries out searches to see if your information is available on the internet without your permission. We do this by collecting information from different places in the internet and putting it in our database. We then check the information you give us, with the information in our database to see if there is a match. If there is a match we let you/your parent/guardian know so that you and/or they can take steps to protect your information.
We request the following information about you so that we can carry out these checks:
Your parent/guardian will provide this information on your behalf. We will have an agreement with your parent/guardian to use your information. As part of that agreement we’ve asked your parent/guardian to show you a copy of this document so that you understand how your personal information is being used and what the service does. If you do not agree with this document or do not want the service please see the section below on What do I do if I don’t want to use the service anymore?
When your parent/guardian signs up to use the service on your behalf, we ask them to give us your information. We then check your information against our database to see if your information is on the internet without your permission. We do this using a variety of different searches. If we find anything we let your parent/guardian, and /or you know.
We will also use your information in our relationship with you and your parent/guardian – for the day to day running of our account with your parent/guardian about the service. We may also use your information to comply with law. Sometimes we may take your information and change it so that we can review it and learn from it for own research purposes. Where we do this, we change the information in such a way so that we can’t identify you.
We rely on different reasons to use your information which are available under law. Where you live in the EU or the UK, when your parent/guardian signs up on your behalf we rely on them providing consent on your behalf, for us to use your personal information (including special category personal information – or any other category of data where explicit consent is required to allow us to process this information under applicable local law) to: (i) check whether there is a match on our database and let your parent/guardian and/or you know if there is a match (via an email alert); (ii) provide customer support to your parent/guardian if needed and (only to the extent that the information is special category personal information, for example health information or race/ethnicity – or any other category of data where explicit consent is required to allow us to process this information under applicable local law – otherwise we do this based on our legitimate business reasons) deal with our relationship with them; (iii) keep a record of your information and the alerts for your parent/guardian’s or your benefit or to run our business responsibly; (iv) change it so that we can review it and learn from it for own research purposes (as mentioned above); and (v) in some limited cases, to disclose it to other people where there is good reason for this but where not strictly required to comply with law. Where we use your information in the day to day running of our account with your parent/guardian, this will be for our legitimate business reason to do so (unless it is special category personal information – or any other category of data where explicit consent is required to allow us to process this information under applicable local law – in which case we rely upon your parent/guardian’s consent). We may also use your information because it is necessary in order for us to comply with our legal obligations.
We may share your information in the following ways:
Your personal information is kept on computers in Ireland and the USA. If we do send your information to another country, we take steps to protect it and your rights under data privacy law as we are required to by that law.
We take steps to look after your personal information, such as using technology tools to restrict access to the information around our business and where we send it to others, training our staff and putting processes in place to help to keep it secure.
Your personal information will not be kept for longer than is necessary. We may need to keep your personal information for the following reasons beyond the end of the contract and supply of services:
Personal information which we have collected from the dark web is kept for 25 years. We retain this information for this amount of time to provide the service to you and your parent. Data compromised many years ago can still have current day impacts so having a fuller historical set of data to search allows us to deliver our service more effectively.
You have the same rights as an adult when it comes to your personal information. These rights are:
You can raise your rights or your parent/guardian can do so on your behalf at any time, to do this please contact firstname.lastname@example.org.
You have the right to lodge a complaint at any point with the data protection authority for your country.
If you no longer want to use the service, tell your parent/guardian who can contact us or you can contact us directly at email@example.com.