Privacy Policy
Provenir Group is committed to protecting your privacy and your personal data. This notice explains what personal data we collect from: (i) individuals visiting Provenir’s website (“Site Visitors”), (ii) entities contracting for Provenir’s products and platforms (“Provenir Customers”) and (iii) individuals engaging with Provenir’s products and platforms through Provenir Customers (“End Consumers”), and how we will use it.
This notice will be reviewed at least annually. By using our website, you are agreeing to be bound by the information in this notice.
Should you have any questions about this notice please send your enquiry by email to dpo@provenir.com
1. Introduction to Provenir
Provenir Group is headquartered at Morris Corporate Center 2, 1 Upper Pond Road, Building F – 4th Floor in Parsippany, New Jersey, in the United States and has offices in the United Kingdom, India, Brazil and Singapore. Provenir Group is the data controller in respect of the activities referred to under this notice and is responsible for your personal data (collectively referred to as Provenir, “we”, “us” or “our” in this notice.) Provenir is also a data processor where we are providing services to Provenir Customers, the details of which will be set out in the relevant Provenir Customer contract.
Provenir Group entities and trading names include Provenir UK Ltd, Provenir AI Ltd, Provenir Data and 1datapipe (powered by Provenir AI).
2. Information we collect
We obtain information about you through the means outlined below when we provide Services to our Customers.
Information Collected via our Data Partnership Marketplace. Our Data Partnership Marketplace (Marketplace) is a data sharing group comprised of our Customers that share data for collective benefit. The Customers that participate in our Marketplace are the entities that collect information about you (data Controller). This information includes but may not be limited to, your name, date of birth, email address, address, phone number, financial information, Identification numbers, fraud data and any other information collected in the course of the performance of a contract or service being provided to you, or for the purposes of verifying your identity.
Information Collected from Third Parties. In addition to the information we collect about you from our Customers, we may collect information about you from the following third party sources:
- Publicly available sources, including governmental public records, the public internet and social media;
- Information from credit reference agencies for the purposes of identifying and preventing fraud;
- Customers who join the Marketplace via a customer reseller agreements;
- Data bought by Provenir from external parties to enhance the quality and accuracy of our products or services.
Information Provided by Customers to Use our Services. When Customers subscribe to use the Services we provide, we may collect personal contact information regarding users of the Services and financial information for billing purposes (“Customer Information”).
3. How we may use your information
We use your information to provide, support, and develop our Services. In particular, we may use your information to:
-
Provide our Services. We use your information to provide our Customers with our Services, such as our decisioning and fraud products, access to Marketplace or via the 1datapipe verification platform.
-
Operate our Services. We use your information and Customer Information to analyze use of the Services and improve the content, functionality and usability of the Services; secure the Services and investigate and help prevent fraud, security issues, and abuse; and understand and resolve Services crashes and other issues being reported.
-
Other Internal Purposes. We may use your information or Customer Information to comply with any procedures, laws, and regulations where necessary for our legitimate interests or legitimate interests of others; and establish, exercise, or defend our legal rights where necessary for our legitimate interests or the legitimate interests of others, including the enforcement of our Business Agreements, other usage policies, and other legal terms or controls, or to engage in other legal matters.
-
Other Purposes. We may use your information or Customer Information for any other purpose with your consent.
-
Combine Information. For the purposes discussed in this Privacy Notice, we may combine the information that we collect through the Services with information we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Notice.
-
Aggregate/De-Identified Information. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties at our discretion.
4. Legal bases for the use of your information
The legal bases for using your information and Customer Information as set out in this Privacy Notice are as follows:
-
as necessary for our legitimate interests or the legitimate interests of others where those interests do not override your fundamental rights and freedom related to data privacy;
-
with your consent; and
-
as necessary to perform our agreement to provide Services.
5. How we may share your information
We will share the information collected from and about you for the various business purposes described above, both with service providers and with third parties.
-
Provision of services. We may share your information with our customers in the provision of our services where we have a lawful basis to do so.
-
Corporate Transactions. We may share information in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction.
-
Service Providers. We may share information collected with select third parties who use the information to provide services on our behalf, such as Services operation, surveys, web hosting, marketing and sales, billing and payments processing, analytics and online advertising, security, fraud prevention, and legal services.
-
For Legal Purposes. We reserve the right to disclose information to third parties when we, in good faith, believe that such access or disclosure is reasonably necessary to comply with the law, regulation, legal process or a governmental request. We may also disclose your information to enforce our Business Agreements; to detect, prevent, or otherwise address fraud, security, or technical issues; to respond to user support requests; and to protect the rights, property or safety of Provenir Group, our Customers, and the public.
-
At Your Direction. We may share information with third parties when you direct us to do so.
6. Sensitive Personal Data
In order to ensure compliance with various privacy regulations, we will only use sensitive personal data where we have a lawful basis to do so.
7. Cookies and similar technologies
To collect the information in the “Information Collected from Website Visitors” section above, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and similar tracking technologies. We use these technologies, with your consent, in order to offer you a more tailored experience in the future.
-
A web server log is a file where online activity is stored, it is used for diagnosing errors or website traffic issues.
-
An SDK is a set of tools and/or code that we embed in our applications and software to perform certain functions, such as allowing us or third parties to collect information about how you interact with the Services.
-
A cookie is a small text file that is placed on your computer or mobile device when you use the Services, that enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the web pages you have visited on our Services and elsewhere; (iv), we do not knowingly collect data on anyone under 18. (v)enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (vi) perform searches and analytics; and (vii) assist with security and administrative functions.
-
Tags or tracking pixels (sometimes also referred to as web beacons or clear GIFs) are small code (sometimes containing, generating, or detecting a unique identifier) embedded in websites, online ads, and email that can be used for purposes such as generating web server log or reading or writing cookies for the purposes described above.
As we adopt additional technologies, we may also gather information through other methods.
You can control what cookies, if any, are stored on your computer. You can choose to adjust your browser settings or use other means to prevent cookies being stored on your computer. However, this may result in reduced access to our Site.
Cookie consent will be reviewed and updated on a regular basis.
Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.
8. Online analytics and advertising
Analytics. We may use third-party analytics services on our Services to collect and analyze usage information through cookies and similar technologies; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to our Customers.
Advertising. When you use the Services or visit our website, we may display advertising to you about our products, services, and related features that we think may be of interest to you to improve and personalize your use of the Services. We may personalize ads based on various factors such as the features you are using, demographic and geographic data, and other information that we collect about you.
In order to provide this advertising, we may use third party providers who may place cookies or other tracking technologies, on your device to collect information about your use of the Services in order to provide interest-based advertising to you on other websites.
We neither have access to, nor does this Privacy Notice govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device by non-affiliated, third-party providers.
9. How we protect your information
Provenir is ISO27001 and SOC2 certified. We store our data on an encrypted cloud-based storage server where permissions are controlled by predetermined access privileges. Persons who have access to the data are subject to a duty of confidentiality. Wherever possible we will host your personal data within the same geographic region in which you reside, however the information which you provide to us may be transferred to countries outside of the geographical region if we are contracted to do so.
10. Data Transfers
By submitting your personal data, you’re agreeing to the transfer, storing or processing by Provenir. If we transfer your personal data outside of the geographic region of residence, we will take steps to ensure that one of the following security measures is in place:
-
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
-
Where we use certain service providers, we may use specific contracts and clauses and transfer mechanisms approved for use which give personal data the same protection it has in its origin country.
If you use our services while you are outside the UK/EU, your personal data may be transferred outside the UK/EU in order to provide you with those services and we will ensure that appropriate levels of protection are in place.
11. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use of disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
12. Your legal rights
You have rights under data protection laws in relation to your personal data. Under certain circumstances, you have the right to:
-
Request access to your personal data.
-
Request correction of your personal data.
-
Request erasure of your personal data.
-
Object to processing of your personal data.
-
Request restriction of processing your personal data.
-
Request transfer of your personal data.
-
Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us via this form and we will action your request as required.
Depending on the laws of your local jurisdiction, you may also be permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney which must be presented to us. We may also follow up with you to verify your identity before processing the authorized agent’s request.
Please note that, regardless of any of your requests, we may still use and share certain information as permitted by this Privacy Notice or as required by applicable law.
13. Changes to this Privacy Notice
We reserve the right to update or modify this notice at any time to reflect changes in Data Protection Laws, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Notice accessible through our website. You can know if the Privacy Notice has changed since the last time you reviewed it by checking the “Review Date” included in this document. If we make a material change, we will provide you with notice in accordance with legal requirements. Your use of the Services following any such change constitutes your agreement that all information collected from or about you after the revised Privacy Notice is posted will be subject to the terms of the revised Privacy Notice.
If you have any questions regarding this Privacy Notice, please contact dpo@provenir.com
Last updated March 2023