NS8 Solutions Privacy Notice
Effective Date: September 4, 2019
This privacy notice sets out how NS8 Inc. and its group entities ("NS8" or "we") use and protect any information that you provide to NS8 when you visit our website(s) https://www.ns8.com, https://www.truestats.com/, and https://www.staylive.com/ ("the Websites") and correspond with us. NS8 Inc. is the data controller for our website, and the local NS8 entity (NS8 Inc. or NS8 B.V.) with whom you may interact is the data controller for such interactions.
NS8, Inc. offers abuse, fraud and user experience protection solutions ("Services") to its customers. These Services rely on the analysis of (abnormal) behavior on our customers' customers' websites and platforms which we may compare with and test against historical data in our database. Security and data protection are the cornerstones of our solutions and we wish to be fully transparent about our Services. Insofar as our Services process Personal Information, this Privacy Notice applies.
II. WHAT WE MEAN BY "PERSONAL INFORMATION"
For purposes of this Privacy Notice, "Personal Information" means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source.
III. WHAT DATA DO WE COLLECT?
(1) Data Collected Automatically
Most of the data we collect in and through the Websites and the Services is technical in nature and is collected and processed automatically through scripts, cookies and similar software-based technologies. Alone or in combination with other data, such automatically collected data may constitute Personal Information. The data we may collect by automated means may include, without limitation:
- Device data: including data on device ID's and similar hardware qualifiers.
- Websites, applications and browsers: including data on the existence, characteristics and behavior of websites, applications and browsers (e.g., browser type, version, language, preferences).
- Network and internet information: including URLs, IP addresses, bounce rates, use of spoofing, active (TCP/IP) ports, originating search engine, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
Google Analytics is an element of the Websites. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Websites, the Internet Protocol address, and the type of operating system used in the devices used to access the Website. By using a browser plugin available at http://www.google.com/ads/preferences/plugin/ provided by Google, you can opt out of Google Analytics.
(2) Data You Provide to Us
When you use the Websites or otherwise communicate with us, we collect data that you provide to us directly. For example, we collect data in the following circumstances: when you sign up for a newsletter, when you contact us via the Websites; and when you otherwise communicate with us.
The data you provide to us directly may include, without limitation, the following information that may, alone or in combination with other data, constitute Personal Information:
- Information you provide through our 'Contact' section, including your name, company, e-mail, country, inquiry, and any other information you decide to provide;
- Information you provide via email or using the contact details listed on various parts of the website, including your name, company, and phone number, and any other information you provide to us;
- Information you provide in order to subscribe to our newsletters and updates, including your email address, the topic for which you wish to receive updates, or any other information you decide to provide us with. You may always unsubscribe from these emails by following the instructions included;
- If you are one of our customers, suppliers or prospects, we may process limited Personal Information in the course of our business relation with you, for example when you place an order, request a demo or vice versa. Such Personal Information may include your name, company, title, e-mail address, telephone number, address, order details, and where applicable and relevant, credit registrations and credit limits;
- transaction and limited (non-PCI) payment data; and
- Other information: We may also collect any other information you may want to share with us, such as Personal Information related to recruitment / job applications. Moreover, if you contact us, a record of this correspondence may be kept.
We may also obtain data from third-party sources such as our customers, data providers, and credit bureaus, where permitted by law.
IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION
The Personal Information we collect is primarily processed for and on behalf of our customers and used to provide our abuse, fraud and user experience protection solutions on their websites, platforms and applications. In providing our Services, we obtain feedback from our customers. We process and use this feedback for the legitimate interests of our Customers, their bona fide end-users and of us providing our Services, preventing fraud and abuse (including identity and credit card fraud) and securing online websites and environments.
We use the Personal Information you provide to us when you contact us in relation to enquiries, orders, comments or complaints made by you for conducting business with you and for our legitimate interest of communicating with you about our products and services. With your consent (unless otherwise permitted by applicable law) we use the Personal Information you provide us via our Websites (for example when signing up to our newsletters) to send you information on our products and services, special offers and other information based on the interests that you have indicated to us. If you do not wish to receive such information, you can indicate so via the details directly below or the links provided in our emails. If you are one of our customers, suppliers or prospects, we use Personal Information about you to establish and fulfil our contract with you. This may include verifying your identity, communicating with you and arranging the provision of products and services. We also use Personal Information about you for our legitimate interests of documenting and managing our internal administration.
We use the Personal Information we obtain from use of the Websites for market research in pursuance of our legitimate interests of improving our products and services and being able to offer our customers and prospects tailored products and services.
In addition to the above, we use the Personal Information in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance, regulatory, and investigative purposes. This may include sharing the Personal Information with third parties, such as governmental authorities or law enforcement officials subject to applicable law.
V. WHO DO WE SHARE PERSONAL INFORMATION WITH?
We may disclose Personal Information you provide to us or that we collect automatically on the Websites and in and through the Services with the following categories of third parties:
- Service providers, such as data storage service providers, marketing service providers, accounting service providers, social media platforms you use, and communications service providers (e.g. Intercom.io, Salesforce.com, Outreach.io, Stripe.com, Unbounce.com and Marketo.com) and human resources service providers;
- Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
- Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Websites and/or the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Notice.
For service providers and third parties outside of the European Economic Area ("EEA") that are not subject to an adequacy decision from the European Commission we rely on the so-called EU model clauses, their EU-US Privacy Shield Certification and the Binding Corporate Rules they may have adopted. If you wish to hear more about these safeguards, please contact us through the details further below.
VI. THIRD PARTY PRACTICES
Our Services are set up in such way that they allow our customers a great deal of control of any (further) use of the Services and Personal Information. As our customers exercise such control and can use and implement the Services to their liking (as detailed in their contract with us), we are not responsible for any further use of our Services and Personal Information (including the combination of the Personal Information with other information) by our customers. If you would like to have more information on how the Services and Personal Information are used by our customers, we invite you to read their respective data protection notices and/or contact them directly.
VII. INDIVIDUAL RIGHTS
Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer some of Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to non-EEA countries.
Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.
Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at firstname.lastname@example.org so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation ("GDPR") where applicable, so please contact us through the details listed below if you have any questions about these rights.
VIII. FOR CALIFORNIA RESIDENTS
California Civil Code Section 1798.83 permits Website(s) users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make a request, please contact us: email@example.com.
IX. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
NS8 is a U.S.-based company with domestic and international business clients. As a result, Personal Information that we collect on our Websites and through the Services may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Notice.
X. TRANSFERS OF PERSONAL INFORMATION FROM THE EU OR SWITZERLAND TO THE UNITED STATES
In compliance with the Privacy Shield Principles, NS8 commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: firstname.lastname@example.org.
NS8 has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
Additionally, with respect to complaints concerning human resources data that is transferred from the EU and Switzerland to the United States, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm. NS8 will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning human resources data that is transferred from the EU and Switzerland to the United States under the Privacy Shield.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, NS8 remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US and Switzerland-US Privacy Shield, NS8 is potentially liable.
XI. DATA RETENTION
We retain Personal Information about you only for as long as needed for the purposes for which it was collected.
Personal Information is only kept for as long as needed for the purposes described in this Privacy Notice and for our legitimate business purposes, after which it is scrubbed, anonymized or obfuscated as soon as possible unless otherwise required by applicable legislation. This typically happens within one (1) year after initial collection of such Personal Information for the Company's "Protect" offerings. Historical data (utilized for the Company's TrueStats offering) will typically be retained for a period of two (2) years after initial collection.
If you are a customer or supplier of NS8, NS8 will retain Personal Information about you for the duration of the contractual relationship you or your company has with us and after the end of that relationship for as long as necessary to perform the purposes set out above or to comply with other legal obligations. Personal Information we collect as a result of you subscribing to our newsletter or press releases will be stored until you decide to withdraw your subscription.
XII. DATA SECURITY
We maintain commercially reasonable risk-based security and data protection measures, which include end-to-end encryption for Personal Information in transit and encryption for Personal Information at rest. For more information on our security practices, please review our Security Policy at https://www.ns8.com/en-us/policies/security.
XIII. LINKS TO OTHER WEBSITES
Our Websites may contain links to other websites of interest. However, once you have used these links to leave our Websites, we do not have any control over third party websites. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and review the privacy notice applicable to the website in question.
NS8 does not offer Services to children. If you are under 18, you may use the Services only with the full knowledge and consent of a parent or guardian.
XVI. CHANGES TO THE PRIVACY NOTICE
This Privacy Notice may change from time to time, effective from the date mentioned in the updated version of the Privacy Notice. Please check the Websites periodically to review such changes in the Privacy Notice. We may email periodic reminders of our agreements and policies in the event of a change.
XVII. CONTACT US
If you have any questions or concerns about this Privacy Notice or about NS8's privacy or data security practices, please contact us via the following:
Data Protection Officer (David Hansen):
241 W Charleston Blvd, Suite 111
Las Vegas, NV 89102
Attn: Data Protection Officer
NS8's representative in the EU is:
1018 VN Amsterdam, Netherlands
Attn: Managing Director