Privacy Policy for UK and EU countries
Effective date: October 2025
Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC, the data controller. We may also process your data through relevant affiliates of Fraud Deflect, LLC involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. Our representative in the EU is privacy@frauddeflect.com.
This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with processing activities where we act as a controller. When we act as a controller, the processing activities are related to:
(i) Visitors to our website: www.frauddeflect.com (respectively, “Visitor” and “Website”);
(ii) Fraud Deflect customers, including merchants and retailers that utilize the services provided by Fraud Deflect, including fraud detection and prevention services (respectively, “Merchants” and the “Fraud Deflect Solution”); and
(iii) Other related services and applications (collectively, the “Services”).
When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Merchant’s customers (a “Customer”), which are monitored by the Fraud Deflect Solution. If you are a Customer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. Please refer to Merchant’s privacy policy for more information on the processing of your data.
This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.
Except as required by local law, the English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).
THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21.
● In certain jurisdictions, such as the European Union and the United Kingdom, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.
What is Personal Data, and what data is collected about me by Fraud Deflect?
“Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.For what purposes and based on which legal bases do we process your Personal Data?
In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.
We may also process personal data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our legitimate interests or based on legal obligation.
Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under GDPR for collecting this information, if applicable, and (iv) the retention periods.
Scenario A
When acting as a controller of Merchants related data, Personal Data is only used for the purposes specified below:
Type of user and type of Data
If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information (e.g., bank account details), etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.
Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC, the data controller. We may also process your data through relevant affiliates of Fraud Deflect, LLC involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. Our representative in the EU is privacy@frauddeflect.com.
This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with processing activities where we act as a controller. When we act as a controller, the processing activities are related to:
(i) Visitors to our website: www.frauddeflect.com (respectively, “Visitor” and “Website”);
(ii) Fraud Deflect customers, including merchants and retailers that utilize the services provided by Fraud Deflect, including fraud detection and prevention services (respectively, “Merchants” and the “Fraud Deflect Solution”); and
(iii) Other related services and applications (collectively, the “Services”).
When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Merchant’s customers (a “Customer”), which are monitored by the Fraud Deflect Solution. If you are a Customer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. Please refer to Merchant’s privacy policy for more information on the processing of your data.
This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.
Except as required by local law, the English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).
THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21.
● In certain jurisdictions, such as the European Union and the United Kingdom, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.
What is Personal Data, and what data is collected about me by Fraud Deflect? “Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.
For what purposes and based on which legal bases do we process your Personal Data?
In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.
We may also process personal data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our legitimate interests or based on legal obligation.
Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under GDPR for collecting this information, if applicable, and (iv) the retention periods.
Scenario A
When acting as a controller of Merchants related data, Personal Data is only used for the purposes specified below:
Type of user and type of Data If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information (e.g., bank account details), etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.
Fraud Deflect is committed to your right to privacy. Reference to “Fraud Deflect,” “we,” “us,” “our” or the “Company” is a reference to Fraud Deflect, LLC, the data controller. We may also process your data through relevant affiliates of Fraud Deflect, LLC involved in the data processing activity, including the collection, holding use and disclosure of Personal Data. Our representative in the EU is privacy@frauddeflect.com.
This privacy policy “the “Privacy Policy”) is an integral part of our terms and conditions applicable to you and governs the data collection, processing, use, transfer and disclosure made by us in connection with processing activities where we act as a controller. When we act as a controller, the processing activities are related to:
(i) Visitors to our website: www.frauddeflect.com (respectively, “Visitor” and “Website”);
(ii) Fraud Deflect customers, including merchants and retailers that utilize the services provided by Fraud Deflect, including fraud detection and prevention services (respectively, “Merchants” and the “Fraud Deflect Solution”); and
(iii) Other related services and applications (collectively, the “Services”).
When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Merchant’s customers (a “Customer”), which are monitored by the Fraud Deflect Solution. If you are a Customer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. Please refer to Merchant’s privacy policy for more information on the processing of your data.
This Privacy Policy shall not be construed in any manner to derogate from the terms and conditions of the Website, or any other agreement or understanding between Fraud Deflect and you.
Except as required by local law, the English language version of this Privacy Policy shall be controlling in all respects and shall prevail in case of any inconsistencies or discrepancies with translated versions of this Privacy Policy (including any related documents).
THE HIGHLIGHTS:
● Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21.
● In certain jurisdictions, such as the European Union and the United Kingdom, you will be entitled under applicable law to request; review access; amend, correct, erase; restrict; or port the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
● We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein.
● If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: privacy@frauddeflect.com.
What is Personal Data, and what data is collected about me by Fraud Deflect? “Personal Data” or “Personal Information” (will be referred together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices etc. “Non-Personal Data”, means non-identifiable aggregated data or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals.
For what purposes and based on which legal bases do we process your Personal Data?
In general, we may use certain of the Personal Data mentioned herein for the scenarios described below.
We may also process personal data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our legitimate interests or based on legal obligation.
Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under GDPR for collecting this information, if applicable, and (iv) the retention periods.
Scenario A
When acting as a controller of Merchants related data, Personal Data is only used for the purposes specified below:
Type of user and type of Data If you register as a Merchant to our Services, we will collect, use and disclose your information during the registration process. Such information includes, but is not limited to, your name, position, region, company, email address, contact details of your contact person, financial information (e.g., bank account details), etc. This information is collected from you directly when you engage with us (for instance when executing an agreement with us or signing a purchase order). We collect this information directly from you when you ask for a demo or when you engage with Fraud Deflect in a merchant agreement.
Purposes for which we may collect, use or disclose this Personal Data
Legal basis under the GDPR
● To onboard you to our Services and/or to implement the Fraud Deflect Solution within your platform
● To identify authorized users to access the Services
● To perform the contract to which the Merchant is a party.
● In order to take steps at the request of the Merchant prior to entering into a contract with a Consumer.
● Necessity of processing for the purposes of the legitimate interests of Fraud Deflect to ensure security the Services and confidentiality.
● To fulfill our legal obligations.
● To provide you with the Services
● To resolve any disputes, communicate with you regarding customer service and support issues, and to respond to questions or comments and help resolve any problems.
● To perform the contract to which the Merchant is a party.
● Necessity of processing for the purposes of the legitimate interests of Fraud Deflect to provide effective Services and defend Fraud Deflect rights and interests when disputes arise.
● To engage in marketing activities.
● Based on your consent when you subscribed to Fraud Deflect mailing lists.
● When we already have a contractual relationship with you, we may send commercial information based on our legitimate interests to send you information about similar products and services as those that you may have already contracted.
● To resolve any disputes.
● Necessity of processing for the purposes of the legitimate interests of Fraud Deflect to defend Fraud Deflect rights and interests when disputes arise.
● To fulfill our legal obligations (related to tax, commercial and administrative laws, etc.).
● To fulfill our legal obligations.
Scenario B
When acting as a controller of Website and Service users’ data, Personal Data is only used for the purposes specified below:
Type of user and type of Data
Technical Information, Geolocation and Online Identifiers: we collect technical information transmitted by your device when using the Website and/or Services, this information includes: type of the operating system and device used to access the Website, date and time stamp, language preferences, approximate geolocation (i.e., country/state), and your actions such as page views, search queries, etc. This information is collected automatically from you when you are using the Website and/or Services.
Contact Us Information: if you contact us via the “Contact Us” or “Book a Demo” feature available through the Website our otherwise, we may collect certain information regarding you, such as your full name, your email address, your phone number, your company and how many chargebacks you receive a month on average. We collect this information directly from you when you contact us.
Purposes for which we may collect, use or disclose this Personal Data
Legal basis under the GDPR
● To identify authorized users of the Services
● To allow you to access and use the Services
● Necessity of processing for the purposes of the legitimate interests of Splitit to manage and improve our website and Services.
● To perform the contract with you.
● For “Contact Us” information:
● To answer your queries and provide you with the services you requested from us.
● To resolve any disputes
● Necessity of processing for the purposes of the legitimate interests of Splitit to manage and improve our Website and Services and defend our rights and resolve complaints.
● Your consent.
● To perform a contract we may have with you.
● To fulfil our legal obligations.
Does Fraud Deflect use cookies?
Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.Will Fraud Deflect Share My Personal Data With Others?
WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.
4.2 Regarding Merchant’s Personal Data when we act as a controller, we share Personal Data only under the following limited circumstances:
4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.
4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.
4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.
4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.
4.2.5 Other third parties with your consent or direction to do so.
4.3 Regarding Customer’s Personal Data, when we act as a processor, please refer to the Merchant’s privacy policy. We may share data, acting under Merchants’ instructions and on their behalf, with credit card processors, acquirers, banking institutions, payment gateways, card networks and other trusted third parties who assist us in providing the Fraud Deflect Services and conducting our business.
Will Fraud Deflect transfer my Personal Data internationally?
Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence.
The European Commission and U.K. authorities have decided that the U.S. ensures an adequate level of privacy and data protection. Therefore, in accordance with the GDPR, the transfer of Personal Data from the E.U./U.K. to the U.S. and Brazil is safeguarded due to an adequacy decision of the Europenan Commission and does not require any specific authorization.
Our servers are located in the U.S. within providers adhered to the data privacy framework and, as a result, the transfer of Personal Data from the E.U./U.K. to U.S. is also safeguarded due to an adequacy decision of the European Commission and does not require any specific authorization.
Any other transfer of Personal Data originating from the E.U./U.K. to a third country (other than ones above to the U.S. and Brazil) shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our users’ rights. For instance, the Standard Contractual Clauses of the European Commission have been incorporated into the Fraud Deflect’s Data Protection Addendum. You can obtain a copy of such contract or more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.Will I receive promotional materials from Fraud Deflect?
If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.Persons under 16
Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases. Please note that in certain jurisdictions you may be banned from using the Fraud Deflect Services unless you are 18 or 21 years old.Users rights with respect to Personal Data
For those processing activities where we act as a controller and subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data.Individuals’ rights under data protection and privacy laws, include:
● The right to confirm whether or not we hold your Personal Data;
● The right to access your Personal Data and being provided with a copy of the
Personal Data that we hold, and the right to rectify your Personal Data;
● The right to request access to the Personal Data that we hold about you and correct it if it is inaccurate, incomplete or out of date. If we do not give you access to your Personal Data or we do not agree to your request for correction, we will provide you with reasons why. If you are not satisfied with our decision or reasons, please see Section 12 below. If we agree to grant you access or to correct your Personal Data, usually we will do this as soon as reasonably practicable following receipt of your request and in any event within the deadline established in applicable laws;
● The right to erasure of your Personal Data;.
● The right to restrict the use and disclosure of your Personal Data;.
● The right to object to collection, use or disclosure of your Personal Data;.
● The right to data portability; (i.e. to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller).
● The right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) or U.K. resident), particularly, you can lodge a complaint to the Supervisory Authorities of the Member State of your habitual residence, place of work or of an alleged infringement of data protection laws. Also, a link to the address of each authority can be found here; and
● The right to withdraw consent
Please review our User Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Data (including to request access to and/or correct your Personal Data held by us) by completing the Data Subject Request form and sending it to our privacy team at privacy@frauddeflect.com. We may request additional information from you when you contact us with a DSR, in order to verify your identity, to determine the laws applicable to you, and to locate your data. It may take time to process requests in a way that is consisten with applicable privacy law (e.g., under the GDPR, this is generally expected to be up to one month).
For those processing activities where we act as a processor, individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.
How does Fraud Deflect protect my data?
Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.. Data Retention
Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.. Applicable Laws
The provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the GDPR in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws.. Questions or concerns or rights requests regarding privacy
If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.
You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: privacy@frauddeflect.com.
CONTACT US
If you have any questions about this Privacy Policy, you may contact us as follows: By sending us an email at: privacy@frauddeflect.com.
Does Fraud Deflect use cookies?
Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.Will Fraud Deflect Share My Personal Data With Others?
WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.
4.2 Regarding Merchant’s Personal Data when we act as a controller, we share Personal Data only under the following limited circumstances:
4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.
4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.
4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.
4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.
4.2.5 Other third parties with your consent or direction to do so.
4.3 Regarding Customer’s Personal Data, when we act as a processor, please refer to the Merchant’s privacy policy. We may share data, acting under Merchants’ instructions and on their behalf, with credit card processors, acquirers, banking institutions, payment gateways, card networks and other trusted third parties who assist us in providing the Fraud Deflect Services and conducting our business.
Will Fraud Deflect transfer my Personal Data internationally?
Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence.
The European Commission and U.K. authorities have decided that the U.S. ensures an adequate level of privacy and data protection. Therefore, in accordance with the GDPR, the transfer of Personal Data from the E.U./U.K. to the U.S. and Brazil is safeguarded due to an adequacy decision of the Europenan Commission and does not require any specific authorization.
Our servers are located in the U.S. within providers adhered to the data privacy framework and, as a result, the transfer of Personal Data from the E.U./U.K. to U.S. is also safeguarded due to an adequacy decision of the European Commission and does not require any specific authorization.
Any other transfer of Personal Data originating from the E.U./U.K. to a third country (other than ones above to the U.S. and Brazil) shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our users’ rights. For instance, the Standard Contractual Clauses of the European Commission have been incorporated into the Fraud Deflect’s Data Protection Addendum. You can obtain a copy of such contract or more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.Will I receive promotional materials from Fraud Deflect?
If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.Persons under 16
Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases. Please note that in certain jurisdictions you may be banned from using the Fraud Deflect Services unless you are 18 or 21 years old.Users rights with respect to Personal Data
For those processing activities where we act as a controller and subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data.Individuals’ rights under data protection and privacy laws, include:
● The right to confirm whether or not we hold your Personal Data;
● The right to access your Personal Data and being provided with a copy of the
Personal Data that we hold, and the right to rectify your Personal Data;
● The right to request access to the Personal Data that we hold about you and correct it if it is inaccurate, incomplete or out of date. If we do not give you access to your Personal Data or we do not agree to your request for correction, we will provide you with reasons why. If you are not satisfied with our decision or reasons, please see Section 12 below. If we agree to grant you access or to correct your Personal Data, usually we will do this as soon as reasonably practicable following receipt of your request and in any event within the deadline established in applicable laws;
● The right to erasure of your Personal Data;.
● The right to restrict the use and disclosure of your Personal Data;.
● The right to object to collection, use or disclosure of your Personal Data;.
● The right to data portability; (i.e. to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller).
● The right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) or U.K. resident), particularly, you can lodge a complaint to the Supervisory Authorities of the Member State of your habitual residence, place of work or of an alleged infringement of data protection laws. Also, a link to the address of each authority can be found here; and
● The right to withdraw consent
Please review our User Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Data (including to request access to and/or correct your Personal Data held by us) by completing the Data Subject Request form and sending it to our privacy team at privacy@frauddeflect.com. We may request additional information from you when you contact us with a DSR, in order to verify your identity, to determine the laws applicable to you, and to locate your data. It may take time to process requests in a way that is consisten with applicable privacy law (e.g., under the GDPR, this is generally expected to be up to one month).
For those processing activities where we act as a processor, individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.
How does Fraud Deflect protect my data?
Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.. Data Retention
Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.. Applicable Laws
The provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the GDPR in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws.. Questions or concerns or rights requests regarding privacy
If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.
You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: privacy@frauddeflect.com.
CONTACT US
If you have any questions about this Privacy Policy, you may contact us as follows: By sending us an email at: privacy@frauddeflect.com.
Does Fraud Deflect use cookies?
Yes, we use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. We use these technologies for different purposes such as in order to recognize you as a user; customize our Site and Services, content, and advertising; measure promotional effectiveness; help ensure that your account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety across our Website and Services. These cookies also help us track how visitors use the Site and our Services.Will Fraud Deflect Share My Personal Data With Others?
WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES.4.1 Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to improve fraud detection and prevention, account security, abuse and incident response and service integrity for our Merchants.
4.2 Regarding Merchant’s Personal Data when we act as a controller, we share Personal Data only under the following limited circumstances:
4.2.1 With partners who are an integral part of our Services, such as the card network, processor, gateway or ISO with whom our Merchants process payment transactions.
4.2.2 With trusted third parties who assist us in operating the Services and conducting our business.
4.2.3 As necessary to provide the Services, based on our legitimate interest in preventing illegal and fraudulent actions.
4.2.4 To comply with a legal requirement, for the administration of justice, to protect your vital interests or the vital interests of others, to protect the security or integrity of our databases or the Services, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.
4.2.5 Other third parties with your consent or direction to do so.
4.3 Regarding Customer’s Personal Data, when we act as a processor, please refer to the Merchant’s privacy policy. We may share data, acting under Merchants’ instructions and on their behalf, with credit card processors, acquirers, banking institutions, payment gateways, card networks and other trusted third parties who assist us in providing the Fraud Deflect Services and conducting our business.
Will Fraud Deflect transfer my Personal Data internationally?
Personal Data will be held on servers located in the U.S. and may be processed by our team in Brazil. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence.
The European Commission and U.K. authorities have decided that the U.S. ensures an adequate level of privacy and data protection. Therefore, in accordance with the GDPR, the transfer of Personal Data from the E.U./U.K. to the U.S. and Brazil is safeguarded due to an adequacy decision of the Europenan Commission and does not require any specific authorization.
Our servers are located in the U.S. within providers adhered to the data privacy framework and, as a result, the transfer of Personal Data from the E.U./U.K. to U.S. is also safeguarded due to an adequacy decision of the European Commission and does not require any specific authorization.
Any other transfer of Personal Data originating from the E.U./U.K. to a third country (other than ones above to the U.S. and Brazil) shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our users’ rights. For instance, the Standard Contractual Clauses of the European Commission have been incorporated into the Fraud Deflect’s Data Protection Addendum. You can obtain a copy of such contract or more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located, by the contact information provided below.Will I receive promotional materials from Fraud Deflect?
If you (e.g., a website user) provided us with your consent, we may send information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: privacy@frauddeflect.com asking to opt-out.Persons under 16
Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases. Please note that in certain jurisdictions you may be banned from using the Fraud Deflect Services unless you are 18 or 21 years old.Users rights with respect to Personal Data
For those processing activities where we act as a controller and subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data.Individuals’ rights under data protection and privacy laws, include:
● The right to confirm whether or not we hold your Personal Data;
● The right to access your Personal Data and being provided with a copy of the
Personal Data that we hold, and the right to rectify your Personal Data;
● The right to request access to the Personal Data that we hold about you and correct it if it is inaccurate, incomplete or out of date. If we do not give you access to your Personal Data or we do not agree to your request for correction, we will provide you with reasons why. If you are not satisfied with our decision or reasons, please see Section 12 below. If we agree to grant you access or to correct your Personal Data, usually we will do this as soon as reasonably practicable following receipt of your request and in any event within the deadline established in applicable laws;
● The right to erasure of your Personal Data;.
● The right to restrict the use and disclosure of your Personal Data;.
● The right to object to collection, use or disclosure of your Personal Data;.
● The right to data portability; (i.e. to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller).
● The right to complain to a supervisory authority (in the event that you are a European Economic Area (“EEA”) or U.K. resident), particularly, you can lodge a complaint to the Supervisory Authorities of the Member State of your habitual residence, place of work or of an alleged infringement of data protection laws. Also, a link to the address of each authority can be found here; and
● The right to withdraw consent
Please review our User Rights Policy regarding your rights under applicable law.
You may exercise any or all of your above rights in relation to your Personal Data (including to request access to and/or correct your Personal Data held by us) by completing the Data Subject Request form and sending it to our privacy team at privacy@frauddeflect.com. We may request additional information from you when you contact us with a DSR, in order to verify your identity, to determine the laws applicable to you, and to locate your data. It may take time to process requests in a way that is consisten with applicable privacy law (e.g., under the GDPR, this is generally expected to be up to one month).
For those processing activities where we act as a processor, individuals looking to assert their rights with respect to their Personal Data should contact their respective Merchants.
How does Fraud Deflect protect my data?
Fraud Deflect implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data, including locks, unique access codes and closed circuit TV protection of relevant data storage sites. However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse.. Data Retention
Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. Upon customer request, we delete or return personal data within sixty (60) days.. Applicable Laws
The provisions included in this Privacy Policy relating to matters that may be regulated under the GDPR and therefore will apply only to the processing of Personal Data (or Personal Information) which is subject to the GDPR in accordance with the applicability provisions contained therein. Additionally, collection and processing of certain Personal Data by Fraud Deflect may be regulated under Federal laws or other applicable laws.. Questions or concerns or rights requests regarding privacy
If you have any questions or concerns regarding privacy issues, please send us a detailed message to privacy@frauddeflect.com and we will make every effort to resolve your concerns without delay.
Fraud Deflect may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and shall be effective as of the date in which they are posted on the Website. If you require a copy of this Privacy Policy in a different format, such as a PDF or hard copy, please contact us at privacy@frauddeflect.com and we will take reasonable steps to comply with your request.
You may exercise any or all of your above rights in relation to your Personal Information by filling out the DSR Form and send it to our privacy team at: privacy@frauddeflect.com.
CONTACT US
If you have any questions about this Privacy Policy, you may contact us as follows: By sending us an email at: privacy@frauddeflect.com.