The European General Data Protection Regulation (“EU GDPR”) generally applies to the processing of Personal Information in European Union (EU) member states and the European Economic Area (EEA). As of January 1, 2021, the United Kingdom (UK) is no longer a member of the EU. However, the UK government has transposed the EU GDPR into UK law, creating what is generally known as the "UK GDPR". Despite some technical changes, obligations under the EU GDPR and UK GDPR remain materially the same.
Under both the EU GDPR and UK GDPR (collectively, the "GDPR"), Prove may be considered either a controller (i.e., is the party responsible for, and controlling the processing of, your Personal Information) or a processor (i.e., the party processing your Personal Information on behalf of a controller). Prove may also be considered both a controller and a processor depending on the nature of the transaction.
If the GDPR, individual EU member state laws supplementing the GDPR, or other country laws outside of the United States apply to you, please see the “Your Rights Under the GDPR” or “Local Country Laws Outside of the US, UK, or EU” sections below for further information about your rights.
This Policy applies to your use of our and our affiliates' websites and branded social media pages, as well as when you receive emails, texts, faxes or have other communications with us or our affiliates (collectively, our “Sites”).
This Policy does not apply where we access or use (“Process”) your Personal Information when acting as a processor or service provider on behalf of our Clients, including when we use Trusted Sources (as defined below). However, we briefly explain below for general informational purposes the ways in which we may Process your Personal Information when providing Solutions we offer to our Clients. If you interact with our Solutions through one or more of our Clients and want more detailed privacy information, please contact that Client directly, as our Clients’ privacy policies may differ from those outlined in this Policy. We are not responsible for the privacy or data security practices of our Clients or any other non-affiliate third parties.
This Policy also does not apply to any Personal Information you post to the public areas of our Sites. This includes, but is not limited to, comments to social media platforms and other public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to the privacy practices and policies of the platform and/or forum.
2. WHAT PERSONAL INFORMATION DO WE PROCESS?
The types of Personal Information we process depends on (a) how you access or use our Sites and/or (b) how our Clients use our Solutions.
Personal Information We Process Through Our Sites
Prove may process Personal Information such as your name, personal email address, business email address, and/or your personal or business phone number when you communicate with us. For example, by contacting us with inquiries, responding to our polls, RSVP’ing to events, interacting with our landing pages (e.g., leaving a comment) or in response to our marketing materials, or when you set up an account with us. Where we process other Personal Information through your use of our Sites, such as obtaining telephony signals or responding to consumer privacy inquiries through our online portal (powered by OneTrust), we will inform you of this before you provide information and we process Personal Information.
Personal Information Processed in Providing Solutions to our Clients
Prove may process Personal Information when providing Solutions to our Clients. For example, in order to provide our authentication and fraud prevention services to a Client, we may receive Personal Information from our Client, and we may request that a mobile network operator (“MNO”) provide certain telephony signals, name, address, and mobile phone number. We may also obtain similar information from trusted proprietary third parties, or third party platforms or applications, including online databases or directories (“Trusted Sources”). We may also use Personal Information when combining information from MNOs and Trusted Sources when providing Solutions to our Clients. Regardless of where the Personal Information originates from, Prove complies with all applicable laws governing processing of Personal Information when providing Solutions to our Clients, and processes Personal Information in accordance with our Client agreements.
Personal Information We Collect Automatically via Tracking Technologies (e.g., Cookies)
3. HOW DO WE USE PERSONAL INFORMATION?
Prove may use Personal Information to:
4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
Prove may share Personal Information as set forth below:
We may also share Personal Information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
5. HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?
6. ONLINE ADVERTISING
Prove may permit third party online advertising networks, social media companies, and other third party services to collect Personal Information through cookies and similar Tracking Technologies related to your visit to our Sites so that they may play or display ads that may be relevant to your interests on our Sites as well as on other websites or apps, or on other devices you may use. This information may also be used to make the advertisements you see online more relevant to your interests. For example, Prove or a third party may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (e.g., Google Analytics cookie) and third party cookies (e.g., DoubleClick advertising cookie) or other third party cookies together to inform, optimize, and display ads based on your past visits to the Sites. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance’s resources at https://optout.aboutads.info/. You may also control your advertising preferences or opt-out of certain Google advertising Solutions by visiting the Google Ads Preferences Manager, available at https://google.com/ads/preferences/ as of the effective date of this Policy.
7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
Keeping information safe. Prove maintains reasonable administrative, technical, and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our Clients (and where appropriate, consumers directly) in accordance with our contractual obligations and applicable law.
Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification. Personal Information that we have processed on behalf of our Clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.
8. LINKS TO OTHER WEBSITES
Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not Prove-branded and services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing Third Party Site links on our Sites, Prove does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.
Prove does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Prove through the Sites or Solutions, please contact us at firstname.lastname@example.org and we will endeavor to delete that information from our databases.
10. YOUR CALIFORNIA, NEVADA AND OTHER STATE OPT-OUT PRIVACY RIGHTS
If you are a California resident, you may be entitled to opt out from having your Personal Information shared or used under California Civil Code Section 1798.120. If you are a California or Nevada resident, you may be entitled to opt out of the sale of your Personal Information under California Civil Code Section 1798.120 or Nevada Senate Bill 220 respectively. If you are a resident of any other State, you may be entitled to similar rights. You may make an opt-out or related request by contacting us using the contact information in Section 13 below or clicking the “Exercise Your Rights” or “Do Not Sell My Personal Information” links at the bottom of Prove’s website.
11. YOUR RIGHTS UNDER THE GDPR
Under the GDPR, Prove may be considered a controller and/or a processor depending on the nature of the transaction.
Legal Basis for Processing under GDPR: Under the GDPR, Prove may process your personal data (as defined under applicable laws) if necessary:
Prove may also process personal data on the basis of your freely given, specific, informed, and unambiguous consent. You are legally entitled to withdraw your consent at any time. If you do this and we have no alternative legal basis for processing your personal data, this may affect our ability to provide you with rights to use the Sites as well as our Solutions.
We may store personal data for as long as necessary to fulfill the purposes for which we process the data, except if required otherwise by law.
Special Categories of Data: Certain Prove Solutions may collect, store, process, and transmit biometric data (e.g., data related to human gait) to the extent legally permitted under GDPR for the provision of such Solutions.
Prove does not directly or intentionally collect, store, process, and transmit any of the other following special categories of personal data as defined by the GDPR:
Specific Rights under the GDPR: If the GDPR is applicable to you, you may have the following rights in respect of your personal data that we hold:
Additionally, you have the right not to be subject to a decision based solely on automated processing, including profiling. Our Solutions are not used by our Clients to determine credit worthiness. Our Solutions are used to assess the probability of you being the person you’re claiming to be and help avoid fraudulent activities. If you interact with our Solutions through one or more of our Clients, please contact that Client directly in order to understand how they use our Solutions within their current processes, contest any decisions they have made based on our processing, and/or verify your identity.
In the instances where we control your data and you wish to exercise any of these rights, you may contact us in writing at the address below or via email at email@example.com at any time, or by using the “Exercise Your Rights” link at the bottom of our website. We will comply with applicable laws, but may not be able to honor your request in all circumstances.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
International Transfers: Personal Information received on behalf of Clients for the United States market is processed on servers located in the United States. Personal information received on behalf of Clients based or servicing primarily the European Economic Area countries are processed on servers based in Europe. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or Trusted Sources we use.
Where we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.
You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out below in the “Contacting Us” section.
Consequences of Non-Compliance: The GDPR states that penalties for non-compliance with the GDPR must be effective, proportionate, and dissuasive for each individual case. Prove understands that GDPR-related fines can be up to 10 million euros or up to 2% of our entire global turnover of the preceding fiscal year, whichever is higher.
12. LOCAL COUNTRY LAWS OUTSIDE OF THE US, UK, OR EU
Where local countries’ laws outside the EU or United States apply to Solutions offered to our Clients or our Sites, we comply where applicable. If such laws apply to you and you have additional questions, please reach out us at emailing us at firstname.lastname@example.org, by writing to us at Payfone, Inc. d/b/a Prove, 245 5th Avenue, 20th Floor, New York, NY 10016, or by using the “Exercise Your Rights” link at the bottom of our website.
14. CONTACTING US
If you have any questions, comments, requests, or concerns regarding this Policy, or if you wish to file a complaint, please email us at email@example.com, call us using our toll-free number at 888-315-8780, or use the “Exercise Your Rights” link at the bottom of our website. You can also contact Prove’s Data Protection Officer by writing to:
Prove Identity, Inc.
Attn: Prove Compliance Department
245 5th Avenue, 20th Floor
New York, NY 10016