BIOCATCH
PRIVACY POLICY
LAST UPDATED: August 18, 2023
- Why BioCatch
-
Solutions
Solutions
Account Opening ProtectionIdentify application fraud and protect genuine user information from being exploited.
Mule Account DetectionIdentify money laundering activity and proactively detect the mule accounts before funds are moved.
Account Takeover ProtectionMonitor web and mobile banking sessions to expose risky actions indicative of fraud.
Social Engineering Scam DetectionDetect and stop authorized payment fraud before funds leave the customer’s account.
Strong Customer AuthenticationEnhance your existing compliant solution by adding security without unnecessary friction.
BioCatch Trust™The world’s first inter-bank, behavior-based, financial crime intelligence-sharing network.
- BioCatch Connect
- Resources
- Company
BIOCATCH PRIVACY NOTICE
BioCatch Ltd. and its affiliates (collectively, “BioCatch,” “we,” or “us”) want you to be familiar with how we collect, use and disclose Personal Information. “Personal Information” is information that identifies you as an individual or relates to an identifiable individual.
This Privacy Notice describes our practices in connection with the Personal Information that we collect from the Services (meaning our Websites, Social Media Pages, emails and offline business interactions as described below), unless agreed otherwise by contract or accompanying privacy documentation.
-
-
- Through websites operated by us from which you are accessing this Privacy Notice (the “Websites”),
- Through our social media pages located at https://www.linkedin.com/company/biocatch/\https://twitter.com/BioCatch and https://www.facebook.com/BioCatch.global/ (collectively, our “Social Media Pages”),
- Email messages that we send to you that link to this Privacy Notice,
- Offline business interactions you have with us.
-
The Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all Personal Information covered by this Privacy Notice as pertaining to individuals acting as business representatives, rather than in their personal capacity.
You are not legally required to provide us with any Personal Information, and may do so (or avoid doing so) at your own free will. If you do not wish to have your Personal Information processed by us or any of our service providers as described in this Privacy Notice, please avoid any interaction with us including visiting our Websites or using the Services.
You may also choose not to provide us with “optional” Personal Information (fields typically marked as “not required” on forms), but please keep in mind that without it we may not be able to provide you with the full range of the Services or with the best user experience when using the Services.
Personal Information
We collect or generate the following categories of personal information in relation to the Services:
• Information concerning our website visitors, prospects and business contacts:
Name, email, phone number, position, workplace, country, contractual and billing details, and any other information submitted by website visitors, prospects and business contacts when they use the Services; our communications with you, including written correspondence, requests, registration for events that we host or organize, surveys and other feedback received, and sensory information which may include phone call recordings (e.g., with our sales team).
• Usage and device information concerning website visitors, prospects and business contacts:
Connectivity, technical and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used); system logs of actions and events attributed to those IP addresses, devices and applications; the name and version of the Services you are using; the relevant cookies and pixels installed or utilized on your device; and the recorded activity (sessions, clicks, use of features, logged activities and other interactions) of prospects and website visitors in connection with the Services.
Collection of Personal Information
We and our service providers collect Personal Information in a variety of ways, including:
- Through the Services
- We collect Personal Information through the Services, for example, when you access our Websites, sign up for a newsletter or access the Services.
- Offline
- We collect Personal Information from you offline, e.g., when you attend one of our trade shows, events, webinars or contact our sales team.
- From Other Sources
- Publicly available databases.
- Publicly available databases.
Use of Personal Information
We and our service providers use Personal Information for the following purposes:
|
Purpose |
Lawful basis for processing |
|
To facilitate, operate and provide the Services. |
▪ Performance of a Contract ▪ Legitimate Interest ▪ Consent |
|
To monitor, study and analyze use of the Services. |
▪ Performance of a Contract ▪ Legitimate Interest |
|
To gain a better understanding on how individuals use and interact with the Services, and how we could improve their and others’ user experience and continue improving our offerings and the overall performance of the Services. |
▪ Legitimate Interest |
|
To support and enhance our data security measures, including for purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity. |
▪ Performance of a Contract ▪ Compliance with legal obligations ▪ Legitimate interest |
|
To comply with court orders and warrants, and prevent misuse of the Services, and to take any action in any related legal dispute and proceeding. |
▪ Compliance with legal obligations ▪ Performance of a Contract ▪ Legitimate interest |
|
To comply with applicable laws and regulations. |
▪ Compliance with legal obligations |
|
To contact you with general or personalized Service-related messages. |
▪ Performance of a Contract ▪ Legitimate Interest |
|
To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. |
▪ Consent ▪ Legitimate Interest |
|
To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences. |
▪ Legitimate Interest |
|
To facilitate, sponsor and offer certain events, contests and promotions. |
▪ Legitimate Interest ▪ Consent |
|
To create aggregated data, inferred non-personal information or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective services, conduct research, or for any other purpose. |
▪ Legitimate Interest ▪ Performance of a Contract ▪ Compliance with legal obligations |
|
For any other lawful purpose or other purpose that you consent to in connection with provisioning the Services. |
▪ Compliance with legal obligations ▪ Consent |
If you reside or are using the Services in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing Personal Information described in this Privacy Notice (either in general, based on the types of Personal Information you expect or elect to process or have processed by us or via the Services, or due to the nature of such processing) (“Consent”), your continued use of the Services means that you have had the opportunity to read and that you accept this Privacy Notice and will be deemed as your Consent to the processing of your Personal Information for all purposes detailed in this Privacy Notice, unless applicable law requires a different form of consent. If you wish to revoke such Consent, please contact us at dpo@biocatch.com.
Disclosure of Personal Information
We disclose Personal Information:
-
- To our affiliates including for the purposes described in this Privacy Notice.
- To our third party service providers to facilitate services they provide to us.
- These can include providers of services such as website hosting, data analysis, information technology and related infrastructure provision, email delivery, auditing, marketing services, social and advertising networks, and other services.
- To our event sponsors
- If you register to any event that we host, organize or sponsor, with your permission we may share your registration details with others, including the hosts, organizers, speakers, service providers and sponsors of that event, so that they may contact you with relevant information and offers, or to fulfill any promotions related to the event.
- To comply with applicable law and regulations.
- This can include laws outside your country of residence.
- To cooperate with public and government authorities
- To respond to a request or to provide information we believe is important. These can include authorities outside your country of residence.
- To respond to a request or to provide information we believe is important. These can include authorities outside your country of residence.
- To cooperate with law enforcement.
- For example, when we respond to law enforcement requests and orders or provide information we believe is important.
- For other legal reasons.
- To enforce our terms and conditions; and
To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- To enforce our terms and conditions; and
- In connection with a sale or business transaction.
- We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.
Cookies and Similar Technologies
Cookies are a standard feature of websites that allow us to store small amounts of data on your computer about your visit to the Websites. Cookies help us learn which areas of the Websites are useful and which areas need improvement. For this purpose, we also use technologies similar to cookies, such as pixel tags. You can choose whether to accept the use of cookies and similar technologies in general by changing the settings on your browser, or by changing specific settings for the Websites (as set out below). However, if you disable cookies and similar technologies, your experience on the Websites may be diminished and some features may not work as intended.
- Types of cookies and similar technologies.The different types of cookies and similar technologies that are used on the Websites are included in our cookie consent manager. Please contact us at info@biocatch.com for more information on the types of cookies we use.
- Google Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout
MANAGING COOKIES AND SIMILAR TECHNOLOGIES.
You can change your settings for cookies and similar technologies, or withdraw your consent at any time, through our Cookiebot. Please note that this will not fully remove the cookies that have already been set on your device. You can delete cookies that have already been placed on your device by following these instructions:
Deleting cookies in Internet Explorer
To find information relating to other browsers, visit the browser developer's website. Please be aware that if cookies are disabled, not all features of the Websites may operate as intended. Please contact us at info@biocatch.com if you have any questions or concerns.
SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
CHOICES AND ACCESS
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the instructions in each such email or sending an email to marketing@biocatch.com with “Unsubscribe” in the subject line.
HOW YOU CAN ACCESS, CHANGE, OR DELETE YOUR PERSONAL INFORMATION
Individuals have rights concerning their Personal Information. If you wish to exercise your privacy rights under applicable law (including the EU or UK GDPR and the California Consumer Privacy Act (CCPA)), please contact us by email at dpo@biocatch.com. Such rights may include – to the extent applicable to you – the right to know/request access, correct, update, or delete Personal Information or suppress, restrict processing of Personal Information, or object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), we will respond to your request consistent with applicable law.
In your request, please make clear what Personal Information you would like to access, correct, update, delete, or, whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in accordance with applicable law.
Please note that we may need to retain certain information for recordkeeping purposes.
RETENTION PERIOD
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services);
- Whether there is a legal obligation to which we are subject; or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
THIRD PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with our Social Media Pages.
USE OF SERVICES BY MINORS
The Services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personal Information from individuals under the age of eighteen (18).
JURISDICTION AND CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in any country where we have facilities or personnel or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence. Such countries may have data protection rules that are different from those in your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
While privacy laws may vary between jurisdictions, we are committed to protecting Personal Information in accordance with this Privacy Notice and customary industry standards, including implementing appropriate transfer mechanisms as applicable and necessary. For transfers of Personal Information from the European Economic Area (EEA), the UK, and Switzerland we either rely on recognition by the appropriate authority that the level of data protection in the receiving country is adequate (adequacy decisions) or we have put in place additional measures, such as standard contractual clauses adopted by the appropriate authority, in order to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the “Contacting Us” section below.
SENSITIVE INFORMATION
We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
REQUIREMENTS UNDER US STATE PRIVACY LAWS
This Privacy Notice describes the categories of Personal Information we may collect and the sources of such information (in “Personal Information” and Collection of Personal Information” above), and our retention (“Retention Period”) and your consumer rights (“How you can access, change, or delete your Personal Information”) practices. We also included information about how we may process your Personal Information, which includes for “business purposes” under the CCPA and similar state laws, as applicable (“Use of Personal Information”). We may disclose Personal Information to other entities or allow them to collect Personal Information from the Services as described in “Disclosure of Personal Information” above. We do not “sell” or “share” your Personal Information (as such terms are defined under the CCPA). You may also designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us. We will not discriminate against you by withholding the Services from you or providing a lower quality of service to you for requesting to exercise your rights under the law.
If you have any questions or would like to exercise your rights under the CCPA or any applicable US State privacy laws, you can contact dpo@biocatch.com.
UPDATES TO THIS PRIVACY NOTICE
The “Last Updated” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services.
CONTACTING US
If you have any questions about this Privacy Notice, or if you have any concerns regarding your Personal Information held with us, or if you wish to make a complaint about how your Personal Information is being processed by us, please contact us via our Data Protection Officer (DPO) at dpo@biocatch.com.
UK: UK inquiries may be sent to: BioCatch (Emea) Limited, 4th Floor, St. James House St. James Square, Cheltenham, GL50 3PR, England.
EU Representative: Maetzler Rechtsanwalts GmbH & Co KG (Prighter) has been designated as BioCatch’s representative in the European Union for data protection matters pursuant to Article 27 of the GDPR. Maetzler Rechtsanwalts GmbH & Co KG may be contacted only on matters related to the processing of personal data of EU residents. To make such an inquiry, please visit the following page: https://prighter.com/q/16916575803. You may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.
Actionable Behavioral Insights Start Here
