For the purposes of the European Union or Switzerland (“EU”) General Data Protection Regulations (“GDPR”) or EU individual member country laws (“EU Data Protection Laws”), Prove may be considered either a data controller (i.e., Prove is responsible for, and controls the processing of, your Personal Information) or a data processor (i.e., Prove processes your Personal Information on behalf of a data controller). Prove may also be considered both a data controller and a data processor depending on the nature of the transaction. If EU Data Protection Laws or other country laws outside of the United States apply to you, please see the “Your Rights as an EU Resident” or “Local Country Laws Outside of the EU” sections below for further information about your rights.
2. WHAT PERSONAL INFORMATION DO WE PROCESS?
The types of Personal Information we process depends on (a) how you access or use our Sites and/or (b) how our Clients use our Solutions.
Personal Information We Process Through Our Sites
Prove may process Personal Information such as your name, personal email address, business email address, and/or your personal or business phone number when you communicate with us. For example, by contacting us with inquiries, responding to our polls, RSVP’ing to events, interacting with our landing pages (e.g., leaving a comment) or in response to our marketing materials, or when you set up an account with us. Where we process other Personal Information through your use of our Sites, such as obtaining telephony signals or responding to consumer privacy inquiries through our online portal (powered by OneTrust), we will inform you of this before you provide information and we process Personal Information.
Personal Information Processed in Providing Solutions to our Clients
Prove may process Personal Information when providing Solutions to our Clients. For example, in order to provide our authentication and fraud prevention services to a Client, we may receive Personal Information from our Client, and we may request that a mobile network operator (“MNO”) provide certain telephony signals, name, address, and mobile phone number. We may also obtain similar information from trusted proprietary third parties, or third party platforms or applications, including online databases or directories (“Trusted Sources”). We may also use Personal Information when combining information from MNOs and Trusted Sources when providing Solutions to our Clients. Regardless of where the Personal Information originates from, Prove complies with all applicable laws governing processing of Personal Information when providing Solutions to our Clients, and processes Personal Information in accordance with our Client agreements.
Personal Information We Collect Automatically via Tracking Technologies (e.g., Cookies)
3. HOW DO WE USE PERSONAL INFORMATION?
Prove may use Personal Information to:
4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION? Prove may share Personal Information as set forth below:
We may also share Personal Information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
5. HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?
6. ONLINE ADVERTISING
Prove may permit third party online advertising networks, social media companies and other third party services to collect Personal Information through cookies and similar Tracking Technologies related to your visit to our Sites so that they may play or display ads that may be relevant to your interests on our Sites as well as on other websites or apps, or on other devices you may use. This information may also be used to make the advertisements you see online more relevant to your interests. For example, Prove or a third party may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (e.g., Google Analytics cookie) and third party cookies (e.g., DoubleClick advertising cookie) or other third party cookies together to inform, optimize, and display ads based on your past visits to the Sites. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance’s resources at www.aboutads.info/choices. You may also control your advertising preferences or opt-out of certain Google advertising Solutions by visiting the Google Ads Preferences Manager, available at https://google.com/ads/preferences as of the effective date of this Policy.
7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
Keeping information safe. Prove maintains reasonable administrative, technical and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our Clients (and where appropriate, consumers directly) in accordance with our contractual obligations and applicable law.
Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification. Personal Information that we have processed on behalf of our Clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.
8. LINKS TO OTHER WEBSITES
Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not Prove-branded and services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing Third Party Site links on our Sites, Prove does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.
Prove does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Prove through the Sites or Solutions, please contact us at email@example.com and we will endeavor to delete that information from our databases.
10. YOUR CALIFORNIA, NEVADA AND OTHER STATE OPT-OUT PRIVACY RIGHTS
If you are a California resident, you may be entitled to opt out from having your Personal Information shared or used under California Civil Code Section 1798.83. If you are a California or Nevada resident, you may be entitled to opt out of the sale of your Personal Information the California Civil Code Section 1798.83, or under Nevada Senate Bill 220 respectively. If you are a resident of any other State, you may be entitled to similar rights. You may make an opt-out or related request by contacting using the contact information in Section 13 below or clicking the “Exercise Your Rights” or “Do Not Sell My Personal Information” links at the bottom of Prove’s website.
11. YOUR RIGHTS IF YOU ARE LOCATED IN THE EU OR SWITZERLAND
Under the GDPR or EU Data Protection Laws, Prove may be considered a data controller and/or a data processor depending on the nature of the transaction.
Legal Basis for Processing in the EU: In the EU, the purposes for which Prove processes your personal data (as defined under applicable laws) are:
Prove may also process personal data on the basis of your freely given, specific, informed, and unambiguous consent. You should be aware that you are entitled under EU Data Protection Laws to withdraw your consent where that has been given, at any time. If you do this and we have no alternative lawful reason to process your personal data, this may affect our ability to provide you with rights to use the Sites as well as our Solutions.We may store personal data for as long as necessary to fulfill the purposes for which we process the data, except if required otherwise by law.Special Categories of Data: Prove Solutions will not directly and will not intentionally collect, store, process, and transmit the following special categories of Personal Data as defined by the GDPR:
Specific Rights under the GDPR: If you are a European citizen, you may have the right to access and manage your personal data in those instances where we control such information and to the extent that the request does not expose any personal data about another person, does not adversely affect the rights and freedoms of others, or otherwise conflicts with applicable laws. More specifically, you may have the following rights in respect of your personal data that we hold:
Additionally, you have the right not to be subject to a decision based solely on automated processing, including profiling. Our Solutions are not used by our Clients to determine credit worthiness. Our Solutions are used to assess the probability of you being the person you’re claiming to be and help avoid fraudulent activities. If you interact with our Solutions through one or more of our Clients, please contact that Client directly in order to understand how they use our Solutions within their current processes, contest any decisions they have made based on our processing, and/or verify your identity.
In the instances where we control your data and you wish to exercise any of these rights, you may contact us in writing at the address below or via email at firstname.lastname@example.org at any time, or by using the “Exercise Your Rights” link at the bottom of our website. We will comply with applicable laws, but may not be able to honor your request in all circumstances.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
International Transfers: Personal Information received on behalf of Clients for the United States market are processed on servers located in the United States. Personal information received on behalf of Clients based or servicing primarily the European Economic Area countries are processed on servers based in Europe. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or Trusted Sources we use.
Where we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.
You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out below in the “Contacting Us” section.
Consequences of Non-Compliance: The GDPR states that penalties for non-compliance with the GDPR must be effective, proportionate and dissuasive for each individual case. Proveunderstands that GDPR-related fines can be up to 10 million euros or up to 2% of our entire global turnover of the preceding fiscal year, whichever is higher.
12. LOCAL COUNTRY LAWS OUTSIDE OF THE EU
Where local countries laws outside the EU or United States apply to Solutions offered to our Clients or our Sites, we comply where applicable. If such laws apply to you and you have additional questions, please reach out us at emailing us at email@example.com, by writing to us at Prove (fka Payfone, Inc.), 245 5th Avenue, 20th Floor, New York, NY 10016, or by using the “Exercise Your Rights” link at the bottom of our website.
14. CONTACTING US
You can also contact Prove’s Data Protection Officer by writing to:
Prove (fka Payfone, Inc.)
ATTN: Legal & Compliance Department
245 5th Avenue, 20th FloorNew York, NY 10016
Welcome to the Prove website at (www.prove.com). Payfone, Inc. d/b/a Prove (hereinafter “Prove, “we”, “our” or “us”) provides products and services for mobile and digital identity and authentication (our “Solutions”) to businesses and organizations and their affiliates (our “Clients”). Our Solutions help Clients prevent fraud, including helping Client’s verify consumer identities when Clients engage with consumers when online, using mobile devices, or calling Client call centers. In short, we provide business-to-business Solutions. If you are searching for information about what we do and how we process Personal Information, please read through all of the information provided in this Policy.