Emailage Privacy Statement
What Information Is Collected?
“Personally identifiable information” means any information that may be used to identify an individual, including, but not limited to, a first and last name, home or other physical address, an email address, phone number or other contact information, whether at work or at home. When you use our website or services Emailage may collect from you the following personally identifiable information: first and last name, city, state and zip code, email address, birthday and phone number. Emailage also automatically receives and records information on our server logs from your browser, including your IP address, cookie information and the page you requested. You can choose not to provide us with certain information, but then you might not be able to take advantage of many of our features. Emailage may keep a cached copy of the content you serve us as a part of your use of the service for an indeterminate amount of time, including media files and XML files. To assist in our development, we may keep copies of HTTP requests and responses in your notification log, available only to you. We may keep access log, notification log, billing/ payment, and other log data for at least six months from the date of entry.
How Is Such Information Used?
Is The Information Shared or Disclosed?
Emailage is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your personally identifiable information with certain third parties without further notice to you, as set forth below:
- Third Party Applications and Services: If you elect to use one or more third party applications that interoperate with Emailage’s service via Emailage API, those applications may, upon your election, be given access to data (which may include personally identifiable information) on Emailage’s systems generated relating to your use of Emailage’s service. Please remember that Emailage is not responsible for the policies and practices of third party application providers, and Emailage shall have no liability arising from any action of any such provider as it concerns your data or information or otherwise. Regarding your use of any such third-party applications, please review carefully the applicable privacy policies of each such third-party application provider to become familiar with their policies and practices as it concerns your data and information.
- Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, your personally identifiable information may be part of the transferred assets. You acknowledge that such transfers may occur, and that any acquirer or successor of Emailage may continue to use your information as set forth in this policy.
- Agents, Consultants and Related Third Parties: Emailage like many businesses, sometimes use other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
- Legal Requirements and Other Circumstances: Emailage may disclose your personally identifiable information, if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Emailage, (iii) act in urgent circumstances to protect the personal safety of users of the Emailage website or services or the public, or (iv) protect against legal liability.
The Security of Your Information
We will take reasonable precautions to protect personally identifiable information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and storage. No method of transmission over the Internet or method of electronic storage is, however, 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personally identifiable information, and have our security controls certified by an independent third party, we cannot guarantee its absolute security.
Emailage is not intended for or directed to persons under the age of 13. Any person who provides their information to Emailage represents to us that they are 13 years of age or older.
Forums and Comments
If you use the forum or post comments on this website, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Emailage is not responsible for any personally identifiable information you choose to submit in that context or anything arising from such submissions.
Collection of Mobile Identifiable Information
You authorize your wireless operator (AT&T, Sprint, T-Mobile, US Cellular, Verizon, or any other branded wireless operator) to use your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow verification of your identity and to compare information you have provided to Emailage with your wireless operator account profile information for the duration of the business relationship.
Links to Other Sites
Privacy Shield Notice – EMAILAGE CORP.
Emailage Corp. operates as both as a data controller and a data processor and only collects email addresses from our customers for the purposes of reducing fraud incidents for banks, financial institutions, retailers, e-commerce, and online merchants. If you are an individual interested in accessing your personal data we may possess, please refer to the company that sent/originated this data for processing.
In compliance with the Privacy Shield Principles, Emailage Corp. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Tony Valentine, Director Risk and Compliance at firstname.lastname@example.org and/or Privacy@emailage.com
Emailage Corp. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
The U. S. Federal Trade Commission is the enforcement authority with jurisdiction of compliance with the Privacy Shield
Notice: We acknowledge consumers have the right to access their personal data for the purposes pf correcting and/or deleting this data, however, you the individual must contact the original party that provided this information to us.
Choice: We recognize an individual has the right to opt in/opt out of the use of their personal data, but we ask that you the individual go back to the original company that provided us the data.
Accountability of Onward Transfer: If Emailage Corp. transfers personal information we will take appropriate measures to protect the privacy and personal information that we transfer. In cases of onward transfer to third parties of data of EU, UK, or Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Emailage Corp. is potentially liable.
Security: Emailage Corp. data is encrypted at rest and in transit. Data securely resides in our data centers which are SSAE16, SOC II and PCI-DSS compliant.
Data Integrity and Purpose Limitation: Emailage Corp. provides data that is accurate and used only for the purpose it was intended to reducing fraud incidents.
Access: Emailage Corp. acknowledges that individuals have the right to access their personal information and should contact the originating company that provided this data to us.
Recourse, Enforcement and Liability: Emailage Corp. also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
When Emailage Corp. becomes subject to an FTC or court order based on noncompliance, Emailage Corp. shall make public any relevant Privacy Shield related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
We regularly review how we’re meeting these privacy promises, and we also provide an independent way to resolve complaints about our privacy practices. To access your personal information, ask questions about our privacy practices, or issue a complaint, contact us at Privacy@emailage.com or:
Emailage Corp.Attn: Director, Risk and Compliance25 South Arizona Place, Suite 400Chandler, AZ, 85225866.936.2452
Emailage has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Emailage.com operates “AS-IS” and “AS-AVAILABLE,” without liability of any kind. Emailage.com is not responsible for events beyond our direct control.
Postal mail Address
Emailage Corp.25 South Arizona Place, Suite 400Chandler, AZ, 85225866.936.2452
Changes to the Privacy Statement
We updated the Privacy Statement to remove any language related to the US Swiss Safe Harbor Framework and Principles since those are no longer valid.
We updated the Privacy Statement to add specific language regarding our self-certification and compliance with both the EU-US and Swiss-US Privacy Shield framework and principles.
We updated the Privacy Statement to add specific language for Switzerland individuals and dispute resolution remedies.
We updated the Privacy Statement to address GDPR elements and considerations for entities transacting business with our UK subsidiary, Emailage Limited; as well as to update specific language regarding our access to and use of data we use in the provision of our services.
We updated the Privacy Statement to add specific language for United Kingdom individuals.
If you have any questions, comments or concerns about any aspect of this policy or how we handle your information, please email email@example.com or see our contact details below.
2. Who we are
3. How we interact with you
4. About our services
The Emailage group of companies provide identity validation and risk assessment services to corporate clients who interact and enter into transactions with individuals. Our services are designed to reduce fraud in the market, improve customer experiences and drive transaction approvals. Our services also benefit individual customers, prospective customers and the public generally, as the cost of fraud is one of the factors that can push up the costs of products and services.
Our services form part of our client’s compliance checks, which helps them to verifying the identity of their individual customers, and verifying the information which individuals provide when they engage with the client for products and services (e.g. when purchasing goods and/or services through the client’s website). Our service forms part of this verification process, by providing a fraud risk score in relation to the individual customer’s email address.
If you procure goods or services from one of our clients (or seek to enter into transactions with them) they may use our services to help them check you are who you say you are, and that the contact information you provided is correct. This is all done in “real time” behind the scenes, and our client chooses how they use our services and risk assessment (together with other checks they might perform) as part of their fraud prevention and due diligence checks.
Further details on our services are set out on the Emailage website – Emailage Solutions.
5. Our privacy principles
Privacy policies can be complicated, so we have tried to make ours as clear and as accessible as possible. However, if you want to find out more information about our privacy practices, please email firstname.lastname@example.org or see our contact details below.
If your query relates to a third party who uses our services (i.e. one of our clients), please contact that third party to find out more about how they use your personal information and our services in their interactions with you.
6. The personal information we collect about you
Our main reason for collecting and using your personal information is to provide and improve our service, products and experiences, and to provide identity validation and risk assessment services to corporate clients.
If you make contact with us directly, or use our website
When you access and browse our website, or contact us by phone, email or other channels (including social media), such as when you try and contact us, register for a demo of our services, or participate in our blog, we collect any information that you choose to submit to us through the available data entry fields. We also collect information when you register or login to use our services. This might include your name, physical address, email address, phone number or other contact information, and any other information you provide as relevant to your interaction with us.
Typically the forgoing types of information are in the context of your employment (such as your work email, work address etc.) – for example if you contact us to enquire about our Services as a prospective client.
If your data is used for our Services
In order to provide our services, and so we can make sure our identity validation and risk assessment services are as accurate as possible, we collect information from third party data suppliers who have the right to share this information with us. This, again, generally consists of names, email addresses, IP addresses, location data, profile information and other information from social media platforms and public available sources, and information related to the foregoing. We collect these data sets periodically to maintain and keep our database up to date, and sometimes collect this information from third parties in “real time” when a client asks us to carry out a fraud check.
7. Collection of mobile identifiable information
You authorize your wireless operator (AT&T, Sprint, T-Mobile, US Cellular, Verizon, or any other branded wireless operator) to use your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, to allow verification of your identity and to compare information you have provided to us with your wireless operator account profile information for the duration of the business relationship.
8. How we use your personal information
Our main reason for collecting and using your personal information is to provide and improve our service. To do this and to manage our internal business operations we also carry out the following activities:
- To respond to queries and requests, and to communicate with you if you contact us.
- To provide our services and support for our services to our client, monitor use of our services and to improve the content and functionality of our website and services.
- To make an assessment as to potential risk of fraud associated with information that is provided to one of our clients as part of our identity validation and risk assessment services (see section 3 above for more details on our services, and see below for a more detailed explanation of our legitimate interest in processing personal information for this purpose).
- To provide updates to you about any changes to our policies, terms and conditions and any other matters which we may need to tell you.
- To tell you about our products and services and send you relevant and interesting marketing communications.
- To comply with legal obligations, to assist in any disputes, claims or investigations
9. Our rights to use your personal information
In accordance with relevant data protection laws, we have a legitimate interest in processing the personal information we obtain from our clients and third parties relating to individuals in respect of whom we provide our identity validation and risk assessment services. In particular:
- Our services are designed to reduce fraud in the market, which has a direct benefit to individual customers, prospective customers and the public generally, as the cost of fraud is one of the factors that can push up the costs of products and services, or limit or restrict their supply – you directly and indirectly benefit from our Services because fraud is a factor that increases the costs of goods and services to consumers. Our Services also improve customer services and user journeys when individuals seek to make purchases online.
- Our services form part of our client’s compliance checks, which are necessary for the client to ensure it meets external and internal governance obligations (including necessary risk due diligence on individual customers and potential customers). In particular, our clients have a legitimate interest in verifying the identity of its individual customers, and verifying the information they provide when they engage with these customers. Our services forms part of this verification process, by providing a fraud risk score in relation to the individual client’s email address (and IP address if part of the agreed service).
In some relatively limited circumstances we may need to handle your personal information in a certain way to be able use to comply with our legal obligations, for example, if we are asked to disclose your personal information to regulatory bodies or law enforcement authorities.
10. Forums and comments
If you use our forum or post comments on our website or blog, you should be aware that any personal information you submit there can be read, collected, or used by other people, and could be used to send you unsolicited messages. We are not responsible for any personal information you choose to submit in that context or anything arising from such submissions.
Technologies such as cookies, beacons, tags and scripts are used by us and our partners, affiliates, or analytics or service providers. These technologies are used in analysing trends, administering our website, tracking users’ movements around our website and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
12. Anonymous data
We sometimes collect anonymised details about visitors to our website and users of our services for the purposes of aggregate statistics or reporting purposes. However, no individual will be identifiable from the anonymised details we collect for these purposes (and therefore it isn’t “personal information”).
We do not and will not knowingly collect information from any unsupervised child under the age of 13. If you are under the age of 13, you should not provide us with any of your personal information. If we learn that we have inadvertently obtained personal information in relation to a child under the age of 13, we will delete that information as soon as possible.
If you think we might have inadvertently obtained personal information of a child, please contact us at email@example.com.
We don’t use any of the personal information we collect from our clients or which we collect from third parties as part of our fraud prevention Services to market to individuals, and we won’t contact you about our services or send you marketing information, or sell this information for marketing purposes to third parties.
If you provide us with your details when you contact us (such as to enquire about our services, or if you are one of our clients) we may collect and use your personal information for undertaking marketing by email, social media, telephone and post – we may send you certain marketing communications (including electronic marketing communications to our existing customers) if it is in our legitimate interests to do so for marketing and business development purposes. However, we will always obtain your consent to direct marketing communications where we are required to do so by law and will provide any mandatory opt-out options.
If you wish to stop receiving marketing communications, you can contact us by email at firstname.lastname@example.org at any time or by using the contact details below.
15. How we share your personal information
If you have a query about how a third party might use our services and how they made a decision as to whether or not to enter into a transaction with you, please contact that third party.
We may also disclose the personal information we hold under the following circumstances:
- Service and website usage information: When we share anonymous information generated by our services or use of our websites.
- Third-party service providers: When we share information with third-party service companies to facilitate or to provide certain services on our behalf. This will include:
- IT infrastructure companies that facilitate our provision of our website and the services
- IT support service providers
- payment providers (to the extent we take any payments from you)
- other third-party service providers, for the purpose of tracking use of our website
- carefully selected third party data suppliers (but only to the extent that we need to share information with them to verify the information we hold, or to obtain additional information), and on the basis that they have the right to share this information with us
These companies are authorised to use the personal information we share with them (if any) only as necessary to provide their services to us.
- Merger or acquisition: When we need to transfer information about you if we are acquired by or merged with another company. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified afterwards via a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
16. International transfers
We may transfer personal information that we process to third party data processors located in countries that are outside of the European Economic Area (including to the United States of America) or to members of our group of companies (including to those in the United States of America) in connection with the above purposes.
Emailage Corp., our parent company, complies with the EU-US and Swiss-US Privacy Shield framework as set forth by the US Department of Commerce regarding the collection, use, and retention of data from the EU.
In accordance with the Privacy Shield, Emailage Corp. adheres to the Privacy Shield principles of: (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement and Liability in respect of any personal information we share with them for the purposes set out above.
Further details on the steps we take to protect your personal information when we make these transfers are available from us on request by contacting us by email at email@example.com.
We are committed to protecting your personal information and we use appropriate technical and organisational measures, including encryption, to protect your personal information and privacy, and review those regularly. We protect your personal information using a combination of physical and IT security controls, including access controls that restrict and manage the way in which your personal information and data is processed, managed and handled. We also ensure that our staff are adequately trained in protecting your personal information. However, whilst we take appropriate technical and organisational measures to safeguard the personal information that we process, if you provide us with any personal information over the Internet we cannot guarantee the security of the transfer (as no transmission over the Internet can ever be guaranteed as being secure).
In the unlikely event that we do suffer a security breach which compromises our protection of your personal information and we need to let you know about it, we will do so.
18. Data retention
You may have the right to ask us to delete any personal information we hold about you (in accordance with your rights below), and if you want to seek to exercise this right please email firstname.lastname@example.org.
19. Your rights
Under relevant EU data protection laws you have the right to access, update and amend the personal information that we hold about you. In certain circumstances, you can also:
- object to our use of your personal information for certain purposes
- ask us to limit or restrict our use of your personal information
- ask us to correct, remove or delete personal information about you
- ask us to provide certain personal information to a third-party provider of services
Please note that these rights do not always apply and there are certain exceptions to them, but if that is the case we’ll let you know and tell you why. We may also need to confirm your identity before acting on certain requests. If the law allows us to impose a fee for giving you access to your personal information, or to exercise any of your other rights in relation to your personal information, we will let you know.
If you would like to exercise any of your rights in relation to your personal information, please email email@example.com.
20. Third parties
21. Questions, complaints and suggestions
We have a Data Protection Officer to assist with all queries and complaints regarding our processing of personal information and who can be contacted at firstname.lastname@example.org.
If you have any queries about our website or services, please contact us via our Contact Page, or call us on UK 0808 109 6007.
You may also make a complaint to our supervisory body for data protection matters (namely the UK’s Information Commissioner’s Office) or seek a remedy through local courts if you believe your rights have been breached.
If your query relates to a third party who uses our services (i.e. one of our clients), please contact that third party to find out more about how they use your personal information and our services in their interactions with you.