ClickCease
Don't miss out! Join us at
2024 featuring Fraud Fight Club on April 25th
arrow icon

Privacy Policy

Effective Date: January 3, 2022

Privacy Policy

Welcome to the Prove Identity, Inc. website at (www.prove.com). Prove Identity, Inc. (hereinafter “Prove”, “we”, "our”, or “us”) provides products and services for mobile and digital identity and authentication (our “Solutions”) to businesses and organizations and their affiliates (our “Clients”). Our Solutions help Clients prevent fraud, including helping Clients verify identities and authenticate users when Clients engage with consumers online, either through the use of mobile devices, web browsers, or calling Client call centers.  In short, we provide business-to-business (“B2B”) Solutions. This Privacy Policy (this “Policy”) provides information about what we do to support our business clients and how we process information that can reasonably identify you (“Personal Information”).  

The European General Data Protection Regulation (“EU GDPR”) generally applies to the processing of Personal Information in European Union (EU) member states and the European Economic Area (EEA). As of January 1, 2021, the United Kingdom (UK) is no longer a member of the EU. However, the UK government has transposed the EU GDPR into UK law, creating what is generally known as the "UK GDPR". Despite some technical changes, obligations under the EU GDPR and UK GDPR remain materially the same.

Under both the EU GDPR and UK GDPR (collectively, the "GDPR"), Prove may be considered either a controller (i.e., is the party responsible for, and controlling the processing of, your Personal Information) or a processor (i.e., the party processing your Personal Information on behalf of a controller). Prove may also be considered both a controller and a processor depending on the nature of the transaction.

If the GDPR, individual EU member state laws supplementing the GDPR, or other country laws outside of the United States apply to you, please see the “Your Rights Under the GDPR” or “Local Country Laws Outside of the US, UK, or EU” sections below for further information about your rights.


POLICY CONTENTS


1. WHAT DOES THIS PRIVACY POLICY COVER?

This Policy applies to your use of our and our affiliates' websites and branded social media pages, as well as when you receive emails, texts, faxes or have other communications with us or our affiliates (collectively, our “Sites”).

This Policy does not apply where we access or use (“Process”) your Personal Information when acting as a processor or service provider on behalf of our Clients, including when we use Trusted Sources (as defined below). However, we briefly explain below for general informational purposes the ways in which we may Process your Personal Information when providing Solutions we offer to our Clients. If you interact with our Solutions through one or more of our Clients and want more detailed privacy information, please contact that Client directly, as our Clients’ privacy policies may differ from those outlined in this Policy. We are not responsible for the privacy or data security practices of our Clients or any other non-affiliate third parties.

This Policy also does not apply to any Personal Information you post to the public areas of our Sites. This includes, but is not limited to, comments to social media platforms and other public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to the privacy practices and policies of the platform and/or forum.

2. WHAT PERSONAL INFORMATION DO WE PROCESS?

The types of Personal Information we process depends on (a) how you access or use our Sites and/or (b) how our Clients use our Solutions.

Personal Information We Process Through Our Sites

Prove may process Personal Information such as your name, personal email address, business email address, and/or your personal or business phone number when you communicate with us. For example, by contacting us with inquiries, responding to our polls, RSVP’ing to events, interacting with our landing pages (e.g., leaving a comment) or in response to our marketing materials, or when you set up an account with us. Where we process other Personal Information through your use of our Sites, such as obtaining telephony signals or responding to consumer privacy inquiries through our online portal (powered by OneTrust), we will inform you of this before you provide information and we process Personal Information.

Personal Information Processed in Providing Solutions to our Clients

Prove may process Personal Information when providing Solutions to our Clients. For example, in order to provide our authentication and fraud prevention services to a Client, we may receive Personal Information from our Client, and we may request that a mobile network operator (“MNO”) provide certain telephony signals, name, address, and mobile phone number. We may also obtain similar information from trusted proprietary third parties, or third party platforms or applications, including online databases or directories (“Trusted Sources”). We may also use Personal Information when combining information from MNOs and Trusted Sources when providing Solutions to our Clients. Regardless of where the Personal Information originates from, Prove complies with all applicable laws governing processing of Personal Information when providing Solutions to our Clients, and processes Personal Information in accordance with our Client agreements.

Personal Information We Collect Automatically via Tracking Technologies (e.g., Cookies)

When you interact with our Sites, Prove or Prove’s vendors may automatically process Personal Information through a variety of tracking technologies, such as pixels, tags, file information, geolocation, and similar technology (collectively, “Tracking Technologies”). For example, we may use Tracking Technologies (e.g., cookies) to collect information about your device and its software, such as your IP address, browser type, device type/model/manufacturer, a unique identifier such as a persistent device identifier or an Ad ID, and other such information. We may also process Personal Information about the way you access and use our Sites (e.g., the website from which you came and the website to which you are going when you leave our Sites, the pages you visit on our Sites, the links you click from our Sites, whether you open our emails or click the links contained in our emails, whether you access the Sites from multiple devices, and similar information. We may also collect analytics data or use third party analytics tools (e.g., Google Analytics, Hubspot, and/or Hotjar) to help us measure traffic and usage trends for the Sites and to understand more about the demographics of visitors to our Sites. You can learn more about Google’s practices at https://policies.google.com/technologies/partner-sites and view its opt-out options at https://tools.google.com/dlpage/gaoptout. You may also be able to control the acceptance of cookies by modifying your Internet browser preferences (e.g., accept all cookies, to be notified when a cookie is set, or to reject all cookies). Please note that if you choose to block all cookies (including essential cookies) you may not be able to access part or all of our Sites and may not be able to use services or engage in activities that require the use of cookies. For more detailed information on how to control cookies you, feel free to visit the following third party site: https://www.allaboutcookies.org/.

3. HOW DO WE USE PERSONAL INFORMATION?

Prove may use Personal Information to:

  • Operate, maintain, improve, and provide to you the features and functionality of our Sites and/or Solutions;
  • Enhance our Sites, as your information helps us to more effectively respond to your customer service requests and support needs;
  • Contact you, including about the information you have provided through our Sites;
  • Set up and administer accounts for Sites and/or Solutions; 
  • Process transactions for Sites and/or Solutions; 
  • Deliver marketing and events communication for our Sites;
  • Prevent fraud and abuse using our Solutions; 
  • Enable identity authentication and otherwise operate, maintain and provide our Sites and Solutions; and
  • Perform any other action we may describe when you provide the information.

4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?

Prove may share Personal Information as set forth below:

  • Vendors and Trusted Sources: We may share your Personal Information with our vendors and Trusted Sources in order to provide Solutions to our Clients, provided such companies protect your Personal Information and only use it for the purposes we specify. If you interact with our Solutions through one of our Clients, please review that Client’s privacy practices and its use of third party service providers.

  • Clients: We may share Personal Information we receive from our vendors and Trusted Sources with a Client to whom you interact in order to provide Solutions to that Client.  We do not share this Personal Information between Clients. Our Clients may have their own privacy policies which govern their use of Personal Information. 

  • Business Transfers: We may share Personal Information with other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company of a third party, or in the event of a bankruptcy or related or similar proceedings.

  • Legal Requirements: We may share Personal Information with law enforcement, regulatory authorities, courts, and governmental agencies to comply with subpoenas or other legal orders, legal or regulatory requirements, and government requests.  We may also disclose Personal Information in order to verify or enforce compliance with other agreements or policies governing the Sites or Solutions, applicable laws, rules, and regulations, or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of the Sites, Solutions, consumers, or other third parties. We reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. 

We may also share Personal Information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual. 

5. HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?

Prove may, and Prove may allow our vendors and other third parties to, use cookies or other technologies on our Sites or in our Solutions that collect information about your browsing activities over time and across different websites following your use of the Sites or Products.  We currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received.

6. ONLINE ADVERTISING

Prove may permit third party online advertising networks, social media companies, and other third party services to collect Personal Information through cookies and similar Tracking Technologies related to your visit to our Sites so that they may play or display ads that may be relevant to your interests on our Sites as well as on other websites or apps, or on other devices you may use. This information may also be used to make the advertisements you see online more relevant to your interests. For example, Prove or a third party may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (e.g., Google Analytics cookie) and third party cookies (e.g., DoubleClick advertising cookie) or other third party cookies together to inform, optimize, and display ads based on your past visits to the Sites. To learn more about interest-based advertising and how you may be able to opt-out of some of this advertising, you may visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance’s resources at https://optout.aboutads.info/. You may also control your advertising preferences or opt-out of certain Google advertising Solutions by visiting the Google Ads Preferences Manager, available at https://google.com/ads/preferences/ as of the effective date of this Policy.

7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

Keeping information safe. Prove maintains reasonable administrative, technical, and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our Clients (and where appropriate, consumers directly) in accordance with our contractual obligations and applicable law. 

Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification. Personal Information that we have processed on behalf of our Clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.

8. LINKS TO OTHER WEBSITES

Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not Prove-branded and services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing Third Party Site links on our Sites, Prove does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.

9. CHILDREN

Prove does not knowingly collect Personal Information from children under the age of 13.  If you have reason to believe that a child under the age of 13 has provided Personal Information to Prove through the Sites or Solutions, please contact us at privacy@prove.com and we will endeavor to delete that information from our databases. 

10. YOUR CALIFORNIA, NEVADA AND OTHER STATE OPT-OUT PRIVACY RIGHTS

If you are a California resident, you may be entitled to opt out from having your Personal Information shared or used under California Civil Code Section 1798.120. If you are a California or Nevada resident, you may be entitled to opt out of the sale of your Personal Information under California Civil Code Section 1798.120 or Nevada Senate Bill 220 respectively.  If you are a resident of any other State, you may be entitled to similar rights. You may make an opt-out or related request by contacting us using the contact information in Section 13 below or clicking the “Exercise Your Rights” or “Do Not Sell My Personal Information” links at the bottom of Prove’s website. 

11. YOUR RIGHTS UNDER THE GDPR

Under the GDPR, Prove may be considered a controller and/or a processor depending on the nature of the transaction.

Legal Basis for Processing under GDPR: Under the GDPR, Prove may process your personal data (as defined under applicable laws) if necessary:

  • For the performance of any contractual relationship we have with you; 
  • For compliance with any legal obligation; and
  • For the purposes of Prove’s, our Client’s, or Trusted Sources’ legitimate interests in connection with providing our Solutions or with respect to our Sites, including:

  •  user registration/authentication and providing client services;
  •  to contact you and respond to your requests and enquiries;
  •  for business administration, including statistical analysis; 
  •  to provide the Sites as well as our Solutions; 
  •  for fraud prevention and detection; and
  •  to comply with applicable laws, regulations, or codes of practices.


Prove may also process personal data on the basis of your freely given, specific, informed, and unambiguous consent. You are legally entitled to withdraw your consent at any time. If you do this and we have no alternative legal basis for processing your personal data, this may affect our ability to provide you with rights to use the Sites as well as our Solutions.

We may store personal data for as long as necessary to fulfill the purposes for which we process the data, except if required otherwise by law.

Special Categories of Data:  Certain Prove Solutions may collect, store, process, and transmit biometric data (e.g., data related to human gait) to the extent legally permitted under GDPR for the provision of such Solutions.

Prove does not directly or intentionally collect, store, process, and transmit any of the other following special categories of personal data as defined by the GDPR:

  • Racial or ethnic origin
  • Political opinions
  • Religious, philosophical beliefs, or other beliefs of a similar nature
  • Trade union membership
  • Physical or mental health or condition
  • Sex life and sexual orientation
  • Genetic data
  • Data on criminal convictions

Specific Rights under the GDPR: If the GDPR is applicable to you, you may have the following rights in respect of your personal data that we hold:

  • Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. YOU CAN OBJECT TO MARKETING ACTIVITIES FOR ANY REASON WHATSOEVER.

  • Right of access. The right to obtain access to your personal data in a common machine-readable format. Please note that the request for additional copies of personal data may result in reasonable fees based on administrative costs.

  • Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
  • Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.

  • Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.

  • Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another. 

Additionally, you have the right not to be subject to a decision based solely on automated processing, including profiling. Our Solutions are not used by our Clients to determine credit worthiness. Our Solutions are used to assess the probability of you being the person you’re claiming to be and help avoid fraudulent activities. If you interact with our Solutions through one or more of our Clients, please contact that Client directly in order to understand how they use our Solutions within their current processes, contest any decisions they have made based on our processing, and/or verify your identity.

In the instances where we control your data and you wish to exercise any of these rights, you may contact us in writing at the address below or via email at privacy@prove.com at any time, or by using the “Exercise Your Rights” link at the bottom of our website. We will comply with applicable laws, but may not be able to honor your request in all circumstances.

You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

International Transfers: Personal Information received on behalf of Clients for the United States market is processed on servers located in the United States. Personal information received on behalf of Clients based or servicing primarily the European Economic Area countries are processed on servers based in Europe. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or Trusted Sources we use.

Where we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • The country to which we send the Personal Information may be approved by the European Commission; or
  • The recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information.

In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.

You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out below in the “Contacting Us” section.

Consequences of Non-Compliance: The GDPR states that penalties for non-compliance with the GDPR must be effective, proportionate, and dissuasive for each individual case. Prove understands that GDPR-related fines can be up to 10 million euros or up to 2% of our entire global turnover of the preceding fiscal year, whichever is higher.

12. LOCAL COUNTRY LAWS OUTSIDE OF THE US, UK, OR EU

Where local countries’ laws outside the EU or United States apply to Solutions offered to our Clients or our Sites, we comply where applicable.  If such laws apply to you and you have additional questions, please reach out us at emailing us at privacy@prove.com, by writing to us at Payfone, Inc. d/b/a Prove, 245 5th Avenue, 20th Floor, New York, NY 10016, or by using the “Exercise Your Rights” link at the bottom of our website.

13. CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this Policy from time to time in our sole discretion.  Since we may modify our Privacy Policy from time to time, we recommend that you check the current version of our Privacy Policy periodically.  If we make any modifications to our Privacy Policy, we will update the “Effective Date” at the top.  By continuing to use the Sites and Solutions or providing us with information after we have posted any updates to this Policy, you consent to the revised Policy and practices described in it.

14. CONTACTING US

If you have any questions, comments, requests, or concerns regarding this Policy, or if you wish to file a complaint, please email us at privacy@prove.com, call us using our toll-free number at 888-315-8780, or use the “Exercise Your Rights” link at the bottom of our website. You can also contact Prove’s Data Protection Officer by writing to:

Prove Identity, Inc.
Attn: Prove Compliance Department
245 5th Avenue, 20th Floor
New York, NY 10016