Last Updated: February 2023
This privacy statement describes how Kount Inc., an Equifax Company (collectively, “Kount”, “we”, “us”, “our”), collects, uses, and shares personal data provided to Kount by merchants and other users of Kount products for providing global fraud prevention and related services. Kount is committed to maintaining the privacy of personal data under its control, including personal data that you provide to us when using any of our online services, including Kount.com, Kount.net, and/or Kount services linked to Kount.com (collectively “websites”).
“Personal data” is any information that relates to an identifiable natural person. Your name, address, contact details and financial data are all examples. The term “process” means any activity relating to personal data, including (for example) its collection, storage, transfer or other use.
Kount is a “Controller” of your personal data. This means that we make decisions about how and why we process your personal data and because of this, we are responsible for making sure that it is used in accordance with data protection laws.
Personal Data Collected
Depending on your use of our websites or services, any services provided by Kount clients which utilize our services, and any contact you may have with us (whether through our websites or otherwise) we may collect and/or receive the following types of personal data:
Information You Provide to Us
- Contact Information. When you submit information to Kount, we may collect personal data from you which may include your name, address, and email address. We do not knowingly collect personal data from persons under the age of 18.
- Communications With Us. We may collect personal data from you such as email address, phone number, or mailing address when you request information about our services, request customer or technical support, or otherwise communicate with us.
- Interactive Features. We may offer interactive features such as chat services, forums, and social media pages. We may collect information you submit or make available through these features.
- Conferences and Trade Shows. We may attend conferences and trade shows where we collect personal data from individuals who interact with, or express an interest, in Kount and/or the services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Information We Collect from You
- Website Usage Information. We automatically collect IP addresses and website usage information from you when you access any of our online services. This information helps us evaluate how our visitors and subscribers use and navigate our websites on an aggregate basis, including but not limited to, the number and frequency of visitors and subscribers to each web page, and the length of their visits.
- Information Collected via Cookies. We define a cookie as any string of data that is automatically stored on your computer upon access to our online services. Kount employs cookies to assign temporary identification numbers to machines that access our web servers. This information enables us to deliver faster service to our subscribers, prevent denial of service attacks on our systems, and detect and prevent fraudulent transactions.
All Kount cookies are:
- Of limited duration.
- Less than 5KB in length.
- Only visible to Kount web servers.
Information We Collect about You
- Transaction Information. When you transact with merchants that are clients of Kount, Kount and its third-party service providers may process your name, mailing address, email address, and telephone number, together with financial and payment card information used to facilitate a transaction that you request. Additionally, Kount and its third-party service providers may collect information regarding your purchasing activities.
- We use this information to detect spending patterns that may indicate potential fraud and generate flags which we link to the device used by you for a transaction. These flags and any other indications of possible fraud will be made available to our clients when an individual or device suspected of fraud attempts to complete a transaction.
- Device Information. Kount and its third-party service providers may collect information about the device you use to purchase goods and services, including your IP address, type of device, type of browser, device name, and geographic location.
Legal Basis for Collecting and Using your Personal Data
Kount will collect personal data from you only where we have a lawful basis to do so. The majority of our processing is on the lawful basis of legitimate interest, though we may also process data with your consent to do so, or where we need the personal data to perform a contract with you, or where we have a legal obligation to process your data.
The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
|Purposes of processing
|Use of your information to identify potentially fraudulent issues at point of application or purchase.
|✔ It is in our legitimate interest to prevent fraud.
|Use of your information to detect and report suspected incidents of fraud, or for general crime prevention
|✔ It is in our legitimate interest to prevent crime and instances of fraud.
|Using your Contact Information to establish an account for you and respond to your inquiries and/or complaints
|✔ It is in our mutual interest to respond
|Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request), or legal obligation
|Using any relevant personal data in relation to managing the proposed or actual sale, restructuring or merging of any or all part(s) of our business
|✔ We have legitimate interest in being able to sell or restructure our business and maintain continuity for us or a buyer
|✔ It is in our mutual interest
|Using your personal data to personalize the content and advertising that you and others see based on personal characteristics or preferences
|✔ It is in our mutual interest
We may also use your personal data to conduct research and analysis, including to produce anonymous statistical reports. Where appropriate, we will convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymised data). Anonymised data is not personal data and can be used, for example, to help us understand and improve the analytics we undertake of individual transaction data. We may also share anonymised data or the research we produce from our analysis of anonymised data, with third parties.
Disclosures to Protect Us or Others
Sharing your Personal Data
Affiliates and Third Parties: We may share your personal data with companies that control, are controlled by, or under common control with Kount, as well as selected third parties with whom Kount works. These recipients within and outside our group may be processing your personal data on our behalf as a Service Provider (see below) or they may be processing it for their own purposes as a Controller in their own right.
Additionally, we may share your personal data with the following categories of recipients:
- Service Providers: We may share your personal data with entities that provide services to us, such as vendors and suppliers that provide technology, services, and/or content for the operation and maintenance of the Kount Services we provide. Access to your personal data by these service providers is limited to the information reasonably necessary for the Service Provider to perform its limited function. We take steps to help ensure that Service Providers keep your personal data confidential and comply with our privacy and security requirements. A current list of Kount’s key Service Providers is available at https://kount.com/legal/privacy/
- Disclosure for Legal Reasons or as necessary to protect Kount: We may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Kount’s systems or networks; or (3) cases in which Kount believes it is reasonably necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.
- Changes in Kount’s corporate structure: If all or any part of Kount is sold, merged or otherwise transferred to another entity (including a transfer of assets), your personal data may be transferred as part of that transaction.
Members of the Kount data sharing arrangement
Each organization that shares fingerprint data with Kount is also entitled to receive similar kinds of data contributed by other organizations. These organizations are typically retail, telecommunications, financial services, leisure, entertainment, and gaming.
Kount may employ third party companies and individuals (‘sub-processors’) to facilitate our service, to provide the service on our behalf, to perform site-related services (including but not limited to maintenance services, database management, web analytics, and improvement of our web sites’ features) or to assist us in analyzing how our web sites and services are used. Kount is committed to partnering with sub-processors that meet or exceed the privacy and security obligations Kount is committed to providing to its clients. These sub-processors have access to your personal data only for purposes of performing these tasks on our behalf. The names and locations of Kount’s sub-processors are available on our Privacy Page.
We may provide relevant personal data to business partners, including cookie identifiers and IP addresses, to provide you with a product or service you have requested. We may also provide this personal data to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.
Kount only retains your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it.
For example, we will typically retain personal data in relation to our Kount Services for two years after application on behalf of the relevant client/merchant. Your personal data is not otherwise used for the benefit of any other party or for Kount’s own purposes, outside of Kount’s own analytical purposes.
In some cases, it may be necessary to retain your personal data for different periods. The factors that direct how long we will retain personal data include the following:
- any laws or regulations that we are required to follow;
- whether we are in a legal or other type of dispute with each other or any third party;
- the type of information held about you; and
- whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
For more information regarding our retention periods, please contact us.
Cookies, Pixel Tags, and Other Technology
First Party Cookies. First party cookies are cookies that we have published on our
websites to understand how visitors navigate our websites and improve the performance of our websites. We utilize third-party analytics providers to help us gather information about a visitor’s experience which may include browser type, time spent on our websites, pages clicked, operating system type, device type and ID, and information related to products you ordered. We utilize the information collected through first party cookies to perform website analytics and to update the layout and content of our websites. Third party analytics providers are able to read their own cookies on your device and are contractually restricted in how they can use the information collected.
First Party Cookie Opt Out. If you do not wish to have your information collected through first party cookies on our websites, most browsers allow you to adjust the browser settings to decline particular cookies or cookies from a specific website. Opting out of first party cookies may impact your website experience.
While we do not control Ad Networks or what they do with the information they collect, we only work with companies that have agreed to participate in the Network Advertising Initiative (NAI) and abide by NAI principles, which prohibit members from connecting identifying information to information they collect through cookies without explicit consent. Your IP address may be used to identify the general geographical location of your device.
Third Party Cookie Opt Out. You can opt out of receiving ads based on your online behavior either by visiting the Digital Advertising Alliance (DAA) opt-out page at http://www.aboutads.info/choices/, the NAI opt-out page at http://optout.networkadvertising.org/?c=1, or by clicking on the Ad-Choices icon in or near the ad. If you elect to opt out of online behavioral advertising, you will still see ads, but they may not be as relevant to you. Please keep in mind that opting out is cookie-based and will only affect the specific computer and browser on which the opt out cookie is applied. If you delete your browser cookies or if you use a different computer or different browser and want to continue to be opted out of interest-based advertising, you will need to opt out again.
Pixel Tags. Pixel tags, also known as “web beacons”, are used to support the collection of information through cookies and are generally not visible to a website visitor. Cookies placed on your browser, via our website or other websites you visit, communicate with the pixel tag to collect information about your interactions with our website. Pixel tags are also used in email advertising to understand the effectiveness of a particular advertising campaign.
Security Tools. Security tools are used on our Websites to support our authentication processes and detect and prevent fraud. Account information, including Device ID and IP Address, is collected when a visitor registers for Kount services or logs in to their existing Kount account. Data captured by security tools is segregated from other data captured through our Websites and is only used to support our authentication processes or support a fraud investigation.
Do Not Track. Some browsers transmit “do not track” signals to the Websites and other online services with which a user communicates. We currently do not take action in response to these signals.
International Data Transfers
Kount is based in the United States and the personal data held by Kount is stored in the United States. Kount is also part of the Equifax global group of companies, with operations and service providers located in other jurisdictions. Your personal data may be accessed by or transferred to such group companies or third parties in other jurisdictions.
We may transfer your personal data to other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your personal data in accordance with this privacy statement, or as otherwise disclosed to you.
We comply with applicable legal requirements when transferring personal data to countries other than the country where you are located. If you are located in the European Economic Area (EEA), we will transfer your personal data in accordance with adequacy decisions, standard contractual clauses, and other approved data transfer mechanisms.
Kount websites and services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us at firstname.lastname@example.org. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
Safeguarding your Personal Data
Kount maintains industry accepted security safeguards when storing or destroying your personal data in order to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. We regularly review, test, and enhance our systems to ensure they meet accepted industry standards. We also limit the number of employees who may access your personal data on a need-to-know basis. We conduct due diligence on, and impose appropriate security standards for, our members who are permitted to access your information through products or services we offer.
Choices and Control over your Information
Your rights to control your personal data.
General. Kount complies with data subject rights in the jurisdictions in which it operates. Depending on the jurisdiction from which your personal data was collected, you may have rights under applicable law which you may exercise by contacting us at the address below.
Access, Rectification, Erasure, and Restriction
Subject to the requirements of applicable laws and certain limitations or exceptions, you may have the right to:
- Access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;
- Require us to correct any inaccuracies in your personal data without undue delay;
- Require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);
- Require us to restrict the processing of your personal data;
- Receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis consent or to comply with a contract with you (please see the above tables) and such processing is automated; and
- Object to a decision that we make which is based solely on automated processing of your personal data.
If you would like to exercise any of these rights, please contact us at:
Chief Privacy Officer
1550 Peachtree Street, NW, Atlanta, GA 30309
We will process such requests in accordance with applicable laws. To protect your privacy, Kount will take steps to verify your identity before fulfilling your request.
Changes to this Privacy Statement
We may change this online privacy statement in the future. If we make changes to this privacy statement we will post the revised privacy statement and its effective date on this website.
If you have questions or comments about this privacy statement, please contact us at the below address.
Chief Privacy and Compliance Officer
1550 Peachtree Street, NW, Atlanta, GA 30309
European Data Protection Officer
Data Protection Officer
PO Box 10036, Leicester, LE3 4FS.