Brighterion Privacy Policy

 
Brighterion receives data from Acquirers, Issuers, banks, Processors, financial institutions and other entities to help them prevent fraud, predict risk and delinquency, detect money laundering and comply with international regulations. Brighterion does not receive data directly from consumers. This policy sets forth the manner in which such data is used and secured by Brighterion. This policy does not describe how such data may be used by our clients who received the data directly from the consumer and sent it to us. Consumers concerned about the use of their data should review the privacy policies of the companies with which they do business directly in addition to this policy.

EU-US Privacy Shield Framework

Brighterion, Inc complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  Brighterion, Inc has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the EU-US Privacy Shield Principles, Brighterion, Inc commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact Brighterion, Inc at:

corp@brighterion.com and  identify “Privacy Compliance” in the subject line,

or

Privacy Compliance
Brighterion, Inc.
150 Spear Street, 10Th Floor
San Francisco, CA, 94105
+1 (415) 986-5600

Brighterion, Inc has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

US-Swiss Safe Harbor Framework

Brighterion, Inc. complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland.  Brighterion, Inc has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/swiss.

In compliance with the US-Swiss Safe Harbor Principles, Brighterion, Inc commits to resolve complaints about your privacy and our collection or use of your personal information.  Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Brighterion, Inc at:

corp@brighterion.com and  identify “Privacy Compliance” in the subject line,

or

Privacy Compliance
Brighterion, Inc.
150 Spear Street, 10Th Floor
San Francisco, CA, 94105
+1 (415) 986-5600

Brighterion, Inc has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Adherence to the EU-US Privacy Shield and US-Swiss Safe Harbor Frameworks

Client Personal Data processed or stored by Brighterion, Inc. may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-US Privacy Shield and US-Swiss Safe Harbor Frameworks. At a minimum, however, Brighterion, Inc. handles Client Personal Data in accordance with our Privacy Policy, which is based upon the  principles identified in the Privacy Shield and Safe Harbor Privacy Framework.

Brighterion is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Business Purposes for the Collection and Use of Personal Data

Brighterion does not receive data directly from consumers. Generally, Brighterion’s clients are processors or merchants selling goods. Brighterion receives consumer data indirectly via its clients. Brighterion’s clients may provide data relating to financial transactions.

Use of the data received.

Brighterion processes the data received from its clients using its proprietary risk management platform and external data sources to design custom models, detect money laundering, predict risk or prevent fraud.  The results of Brighterion’s analysis are made available to the client that sent the data to Brighterion. The client may use Brighterion’s case management to review historical data related to a customer or a merchant.  Transactional data is stored by Brighterion on behalf of its clients for periods of time specified in its client contracts.

Data elements may contain credit card numbers, individual and merchant names, addresses (shipping, billing …), purchase amounts …

With the written consent of the client, individual elements of the data that were used in a transaction identified by a client as suspicious may be stored by Brighterion and used for further analysis.  In addition, Brighterion may apply advanced analytics to the data received from clients to identify patterns or anomalies useful in preventing fraud, predicting risk and delinquency, detect money laundering and complying with international regulations.

Sharing the data with third parties

Brighterion, Inc also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Brighterion may make stored data available to government officials in response to a subpoena or other comparable lawful and compulsory request.

Except as described herein, Brighterion does not make the data received available to any other third parties.

If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Brighterion, Inc is potentially liable.

Brighterion encourages its clients to provide their customers with notice of Brighterion’s role in processing the transaction data.

Brighterion encourages  its clients to disclose that the data provided will be processed by Brighterion to prevent fraud, predict risk and delinquency, detect money laundering and comply with international regulations.

Data Accuracy

Brighterion, Inc takes all necessary precautions to protect the Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Brighterion, Inc applies the highest data level security. We have physical and system security.  We use firewalls and data encryption and apply strict procedures to protect the data we receives from unauthorized access or misuse. Only keys employees have access to data.

Brighterion, Inc takes reasonable steps to ensure that the Consumer Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current.

Brighterion, Inc acknowledges that EU individuals have the right to access the personal information/data that we maintain about them.  An EU individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to:

corp@brighterion.com and  identify “Privacy Compliance” in the subject line,

or

Privacy Compliance
Brighterion, Inc.
150 Spear Street, 10Th Floor
San Francisco, CA, 94105
+1 (415) 986-5600

If requested to remove data, we will respond within a reasonable timeframe.

Individuals may contact us either directly or through one of our clients, and after appropriate verification of their identity, can reasonably direct the correction or removal of data relating to them in our databases.

Contact for questions.

Any questions about the accuracy, use, processing or storage of data received by Brighterion should be directed to corp@brighterion.com