Sift Privacy Shield Notice

Effective Date: May 9, 2019

Introduction

General

At Sift Science, Inc. (“Sift”, “we” or “us”), we are committed to protecting your privacy. For those users that visit our web or mobile sites, or in connection with visits to our offices, our events, sales, and marketing activities, we describe our practices in our Website Policy located here. We have an additional policy, our Service Policy, (located here) that describes how we use the personal information we receive from our customers, (and their end users and authorized users) in connection with our digital trust and safety services.

Personal Data from the EU, Switzerland, and UK

This Privacy Shield Notice sets out the privacy principles we follow with respect to transfers of personal information from the European Economic Area ("EEA"), Switzerland, and the United Kingdom to the United States (collectively, “EU Exported Data”), including personal information we receive from our customers, as well as information from individuals who visit our web and mobile sites, or in connection with visits to our offices, our events, sales, and marketing activities. This Privacy Shield Notice applies only to EU Exported Data.

We comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce (the “Shield”) regarding the collection, use and retention of personal information from the EU, Switzerland, and the United Kingdom. Sift has certified to the Department of Commerce that it adheres to the Privacy Shield Principles in respect of all personal information received from such covered countries in reliance on the Shield.

The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For more information about the Privacy Shield generally, and to view our certification online, please visit https://www.privacyshield.gov.

Types of personal information we collect and use

The types of personal information we may receive in the United States, as well as the purposes for which it is processed, are set out in our Site Privacy Policy and Service Privacy Policy respectively.

We will only process personal information in ways that are compatible with the purposes for which it was collected, or for purposes you later authorize. Before we use your personal information for a materially different purpose, we will provide you with the opportunity to opt-out.

Transfers to third parties

Information about the types of third parties to which we disclose personal information and the purposes for which we do so is described in our Site Privacy Policy and Service Privacy Policy.

If we transfer any of your personal information to a third party acting as an agent, we will be responsible for any acts of those third party agents that are inconsistent with the Privacy Shield Principles, unless otherwise provided by law.

Disclosures for national security or law enforcement

Please note that under certain circumstances, we may be required to disclose your personal information in response to lawful requests by public authorities, including requests relating to national security or law enforcement requirements.

Access rights

You may have the right to access personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of a third party. If you would like to request access to, correction, amendment, or deletion of your personal information, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity.

Your choices

To find out more about the choices and means available to you for limiting the use and disclosure of your personal information, please see the section entitled "Your Privacy Rights" in the Site Privacy Policy and "Individual Privacy Rights" in the Service Privacy Policy.

Questions or complaints

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EEA, UK, and Swiss individuals with inquiries or complaints regarding our Privacy Shield practices should first contact us at privacy@sift.com or in writing to:

Sift Science, Inc.
Attn: Privacy Officer
123 Mission Street, 20th Floor
San Francisco, CA 94105

We will investigate and attempt to resolve any Shield-related complaints or disputes within forty-five (45) days of receipt.

If you have an unresolved Privacy Shield complaint that we have not addressed satisfactorily, please contact JAMS, our US-based third party dispute resolution provider free of charge. To find out more, go to https://www.jamsadr.com/eu-us-privacy-shield or to make a complaint directly, please use this form at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.

You may also have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Privacy Shield's binding arbitration scheme please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Changes to this Notice

We reserve the right to amend this Notice from time to time consistent with the Privacy Shield's, requirements.