Talk to an Expert
Kount Privacy Policy
Last Updated: November 2024
This privacy statement describes how Kount Inc., an Equifax Company (collectively, “Kount”, “we”, “us”, “our”), collects, uses, and shares personal data provided to Kount by merchants and other users of Kount products for providing global fraud prevention and related services. Kount is committed to maintaining the privacy of personal data under its control, including personal data that you provide to us when using any of our online services, including Kount.com, Kount.net, and/or Kount services linked to Kount.com (collectively “websites”).
Definitions
“Personal data” is any information that relates to an identifiable natural person. Your name, address, contact details and financial data are all examples. The term “process” means any activity relating to personal data, including (for example) its collection, storage, transfer or other use.
Kount is a “Controller” of your personal data. This means that we make decisions about how and why we process your personal data and because of this, we are responsible for making sure that it is used in accordance with data protection laws.
Personal Data Collected
Depending on your use of our websites or services, any services provided by Kount clients which utilize our services, and any contact you may have with us (whether through our websites or otherwise) we may collect and/or receive the following types of personal data:
Information You Provide to Us
Contact Information. When you submit information to Kount, we may collect personal data from you which may include your name, address, and email address. We do not knowingly collect personal data from persons under the age of 18.
Communications With Us. We may collect personal data from you such as email address, phone number, or mailing address when you request information about our services, request customer or technical support, or otherwise communicate with us.
Interactive Features. We may offer interactive features such as chat services, forums, and social media pages. We may collect information you submit or make available through these features.
Conferences and Trade Shows. We may attend conferences and trade shows where we collect personal data from individuals who interact with, or express an interest, in Kount and/or the services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Information We Collect from You
Website Usage Information. We automatically collect IP addresses and website usage information from you when you access any of our online services. This information helps us evaluate how our visitors and subscribers use and navigate our websites on an aggregate basis, including but not limited to, the number and frequency of visitors and subscribers to each web page, and the length of their visits.
Information Collected via Cookies. We define a cookie as any string of data that is automatically stored on your computer upon access to our online services. Kount employs cookies to assign temporary identification numbers to machines that access our web servers. This information enables us to deliver faster service to our subscribers, prevent denial of service attacks on our systems, and detect and prevent fraudulent transactions.
All Kount cookies are:
- Of limited duration
- Less than 5KB in length
- Only visible to Kount web servers.
Information We Collect about You
Transaction Information. When you transact with merchants that are clients of Kount, Kount and its third-party service providers may process your name, mailing address, email address, and telephone number, together with financial and payment card information used to facilitate a transaction that you request. Additionally, Kount and its third-party service providers may collect information regarding your purchasing activities.
We use this information to detect spending patterns that may indicate potential fraud and generate flags which we link to the device used by you for a transaction. These flags and any other indications of possible fraud will be made available to our clients when an individual or device suspected of fraud attempts to complete a transaction.
Device Information. Kount and its third-party service providers may collect information about the device you use to purchase goods and services, including your IP address, type of device, type of browser, device name, and geographic location.
Legal Basis for Collecting and Using your Personal Data
Kount will collect personal data from you only where we have a lawful basis to do so. The majority of our processing is on the lawful basis of legitimate interest, though we may also process data with your consent to do so, or where we need the personal data to perform a contract with you, or where we have a legal obligation to process your data.
The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.
| Purposes of processing | Legal Obligation | Legitimate Interest |
|---|---|---|
| Use of your information to identify potentially fraudulent issues at point of application or purchase. | ✔ It is in our legitimate interest to prevent fraud. | |
| Use of your information to detect and report suspected incidents of fraud, or for general crime prevention | ✔ It is in our legitimate interest to prevent crime and instances of fraud. | |
| Use of your information to create or validate user identities using linked datasets to identify and prevent fraudulent activity at the point of application or purchase. | ✔ It is in our legitimate interest to prevent crime and instances of fraud. | |
| Using your Contact Information to establish an account for you and respond to your inquiries and/or complaints | ✔ It is in our mutual interest to respond | |
| Using any relevant personal data to establish and enforce our legal rights or to comply with a court order, law enforcement requirement (or other legally mandated request), or legal obligation | ✔ | |
| Using any relevant personal data in relation to managing the proposed or actual sale, restructuring or merging of any or all part(s) of our business | ✔ | ✔ We have legitimate interest in being able to sell or restructure our business and maintain continuity for us or a buyer |
| Using your personal data to provide customer service, support, and enforce our Terms of Use | ✔ It is in our mutual interest | |
| Using your personal data to personalize the content and advertising that you and others see based on personal characteristics or preferences | ✔ It is in our mutual interest |
We may also use your personal data to conduct research and analysis, including to produce anonymous statistical reports. Where appropriate, we will convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable (thereby creating anonymised data). Anonymised data is not personal data and can be used, for example, to help us understand and improve the analytics we undertake of individual transaction data. We may also share anonymised data or the research we produce from our analysis of anonymised data, with third parties.
Disclosures to Protect Us or Others
Except as specifically set forth in this privacy statement, we will not share your personal data outside of Kount. Note that we do not use, rent, or sell any personal data for purposes materially different from those for which it was originally provided. If this practice should change in the future, we will provide individuals with prior notice and instruct them as to how they can exercise their right to opt-out or opt-in, as applicable. We may disclose and use personal data in special circumstances where it is necessary to enforce our service agreements or terms of use (for example to protect our intellectual property rights). We may also disclose or use your personal data when we, in good faith, believe that the law may require us to do so. Please be aware that Kount may be required to disclose an individual’s personal data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Sharing your Personal Data
Affiliates and Third Parties: We may share your personal data with companies that control, are controlled by, or under common control with Kount, as well as selected third parties with whom Kount works. These recipients within and outside our group may be processing your personal data on our behalf as a Service Provider (see below) or they may be processing it for their own purposes as a Controller in their own right.
Additionally, we may share your personal data with the following categories of recipients:
a) Service Providers: We may share your personal data with entities that provide services to us, such as vendors and suppliers that provide technology, services, and/or content for the operation and maintenance of the Kount Services we provide. Access to your personal data by these service providers is limited to the information reasonably necessary for the Service Provider to perform its limited function. We take steps to help ensure that Service Providers keep your personal data confidential and comply with our privacy and security requirements. A current list of Kount’s key Service Providers is available at https://kount.com/legal/privacy/
b) Disclosure for Legal Reasons or as necessary to protect Kount: We may release personal data to other parties: (1) to comply with valid legal requirements such as laws, regulations, search warrants or court orders; (2) in special cases, such as a physical threat to you or others, a threat to public security, or a threat to Kount’s systems or networks; or (3) cases in which Kount believes it is reasonably necessary to investigate or prevent suspected or actual harm, abuse, fraud, or illegal conduct.
c) Changes in Kount’s corporate structure: If all or any part of Kount is sold, merged or otherwise transferred to another entity (including a transfer of assets), your personal data may be transferred as part of that transaction.
Members of the Kount data sharing arrangement
Each organisation that shares fingerprint data with Kount is also entitled to receive similar kinds of data contributed by other organisations. These organisations are typically retail, telecommunications, financial services, leisure, entertainment, and gaming.
Kount may employ third party companies and individuals (‘sub-processors’) to facilitate our service, to provide the service on our behalf, to perform site-related services (including but not limited to maintenance services, database management, web analytics, and improvement of our web sites’ features) or to assist us in analyzing how our web sites and services are used. Kount is committed to partnering with sub-processors that meet or exceed the privacy and security obligations Kount is committed to providing to its clients. These sub-processors have access to your personal data only for purposes of performing these tasks on our behalf. The names and locations of Kount’s sub-processors are available on our Privacy Page.
We may provide relevant personal data to business partners, including cookie identifiers and IP addresses, to provide you with a product or service you have requested. We may also provide this personal data to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.
Data Retention
Kount only retains your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it.
For example, we will typically retain personal data in relation to our Kount Services for five years after application on behalf of the relevant client/merchant. Additional personal data such as name, email, address, phone number, payment token, or device may be retained for up to 15 years for fraud prevention purposes. Your personal data is not otherwise used for the benefit of any other party or for Kount’s own purposes, outside of Kount’s own analytical purposes.
In some cases, it may be necessary to retain your personal data for different periods. The factors that direct how long we will retain personal data include the following:
a) any laws or regulations that we are required to follow;
b) whether we are in a legal or other type of dispute with each other or any third party;
c) the type of information held about you; and
d) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
For more information regarding our retention periods, please contact us.
Cookies, Pixel Tags, and Other Technology
First Party Cookies. First party cookies are cookies that we have published on our
websites to understand how visitors navigate our websites and improve the performance of our websites. We utilize third-party analytics providers to help us gather information about a visitor’s experience which may include browser type, time spent on our websites, pages clicked, operating system type, device type and ID, and information related to products you ordered. We utilize the information collected through first party cookies to perform website analytics and to update the layout and content of our websites. Third party analytics providers are able to read their own cookies on your device and are contractually restricted in how they can use the information collected.
First Party Cookie Opt Out. If you do not wish to have your information collected through first party cookies on our websites, most browsers allow you to adjust the browser settings to decline particular cookies or cookies from a specific website. Opting out of first party cookies may impact your website experience.
To learn more about controlling information provided to third party analytics providers, click on the following links: Adobe Opt-Out Site, Google Analytics Opt-out Browser Add-on.
Third Party Cookies. Third party cookies are cookies that our partners place on your browser to provide you with customized offers and advertising. We have agreements with companies, sometimes called "Ad Networks," that serve advertising on behalf of other companies. Ad Networks use cookies to understand web usage patterns of people who see advertisements, to control the sequence of advertisements they see, to provide them with the most relevant advertising, and to make sure they do not see the same ad too many times. Ad Networks may connect information about pages visited on our site with information about pages visited on other sites. Ad Networks display advertising based on this combined information, including advertising for our products.
While we do not control Ad Networks or what they do with the information they collect, we only work with companies that have agreed to participate in the Network Advertising Initiative (NAI) and abide by NAI principles, which prohibit members from connecting identifying information to information they collect through cookies without explicit consent. Your IP address may be used to identify the general geographical location of your device.
Third Party Cookie Opt Out. You can opt out of receiving ads based on your online behavior by visiting the Digital Advertising Alliance (DAA) opt-out page at http://www.aboutads.info/choices/, the NAI opt-out page at http://optout.networkadvertising.org/?c=1, or clicking on the Ad-Choices icon in or near the ad. If you elect to opt out of online behavioral advertising (OBA), you will still see ads, but they may not be as relevant to you. The opt out is a browser-based extension that supports opt-outs across both cookies and emerging technologies, such as probabilistic IDs and hashed emails or phone numbers. If you delete your browser cookies, or use a different computer or browser, you will need to opt out again to continue being opted out of OBA. Removing or disabling the browser-based extension will also require you to add or enable the extension again to be opted out of OBA.
Pixel Tags. Pixel tags, also known as “web beacons”, are used to support the collection of information through cookies and are generally not visible to a website visitor. Cookies placed on your browser, via our website or other websites you visit, communicate with the pixel tag to collect information about your interactions with our website. Pixel tags are also used in email advertising to understand the effectiveness of a particular advertising campaign.
Security Tools. Security tools are used on our Websites to support our authentication processes and detect and prevent fraud. Account information, including Device ID and IP Address, is collected when a visitor registers for Kount services or logs in to their existing Kount account. Data captured by security tools is segregated from other data captured through our Websites and is only used to support our authentication processes or support a fraud investigation.
Do Not Track. Some browsers transmit “do not track” signals to the Websites and other online services with which a user communicates. We currently do not take action in response to these signals.
International Data Transfers
Kount is based in the United States and the personal data held by Kount is stored in the United States. Kount is also part of the Equifax global group of companies, with operations and service providers located in other jurisdictions. Your personal data may be accessed by or transferred to such group companies or third parties in other jurisdictions.
We may transfer your personal data to other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your personal data in accordance with this privacy statement, or as otherwise disclosed to you.
We comply with applicable legal requirements when transferring personal data to countries other than the country where you are located. If you are located in the European Economic Area (EEA), we will transfer your personal data in accordance with adequacy decisions, standard contractual clauses, and other approved data transfer mechanisms.
EU-U.S. and the UK Extension to the EU-U.S. Data Privacy Frameworks
Kount complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Equifax, on behalf of Kount, has certified to the U.S. Department of Commerce that it, including its subsidiary Kount, adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. Kount adheres to the EU-U.S. DPF Principles for consumer data. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification (Equifax), please visit https://www.dataprivacyframework.gov/.
Personal data collected from you is stored in the United States. Depending on the service or data use, Kount may also store and process your data in other regions where Kount or its affiliates, subsidiaries, or service providers operate. Kount takes steps to process data we collect in accordance with this Privacy Statement and the requirements of applicable law. Your personal data may be shared with third parties to perform services on our behalf. In the context of an onward transfer, Kount has responsibility for processing personal data it receives under the DPF and subsequently transfers to a third party for external processing. If we transfer personal data received under the DPF to a third party, the third party's access, use, and disclosure of personal data must also be in compliance with our DPF obligations, and we will remain liable under the DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. For information related to the types of data we collect, the purposes for collecting data, the types of third parties we may disclose your data to, and your rights, please refer to the applicable sections of this Privacy Statement.
If you have a question or complaint related to our participation in the DPF, we encourage you to contact us through our Privacy Contact Form or write to the Chief Privacy Officer, Equifax Inc., 1550 Peachtree Street, NW, Atlanta, GA 30309. Please reference “Data Privacy Framework,” when contacting us about the DPF. For any complaints related to the DPF that we cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and the UK Information Commissioner’s Office for resolving disputes with UK individuals. As further explained in the DPF Principles, binding arbitration is available, under certain conditions, to address residual complaints not resolved by other means. Individuals seeking additional information can visit the DPF Annex I for more information. Kount is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and may be required to disclose personal data we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Children’s Information
Kount websites and services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us at privacy@equifax.com. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
Security
Safeguarding your Personal Data
Kount maintains industry accepted security safeguards when storing or destroying your personal data in order to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. We regularly review, test, and enhance our systems to ensure they meet accepted industry standards. We also limit the number of employees who may access your personal data on a need-to-know basis. We conduct due diligence on, and impose appropriate security standards for, our members who are permitted to access your information through products or services we offer.
Choices and Control over your Information
Your rights to control your personal data.
General. Kount complies with data subject rights in the jurisdictions in which it operates. Depending on the jurisdiction from which your personal data was collected, you may have rights under applicable law which you may exercise by contacting us at the address below.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our services, and you will not be able to opt out of those communications (e.g., communications regarding the services or updates to our Terms of Use or this privacy policy).
Access, Rectification, Erasure, and Restriction
Subject to the requirements of applicable laws and certain limitations or exceptions, you may have the right to:
- Access your personal data and be provided with certain information in relation to it, such as the purpose for which it is processed;
- Require us to correct any inaccuracies in your personal data without undue delay;
- Require us to erase your personal data (please be aware that the right of erasure under data protection law is not an absolute right as it only applies in relation to one or more specific circumstances);
- Require us to restrict the processing of your personal data;
- Receive the personal data which you have provided to us in a machine readable format, where we are processing it on the basis consent or to comply with a contract with you (please see the above tables) and such processing is automated; and
- Object to a decision that we make which is based solely on automated processing of your personal data.
If you would like to exercise any of these rights, please contact us at:
US Requests
privacy@equifax.com
or
Chief Privacy Officer
Equifax Inc.
1550 Peachtree Street, NW, Atlanta, GA 30309
EU & UK Requests
European Data Protection Officer
Equifax Ltd
Data Protection Officer
PO Box 10036, Leicester, LE3 4FS.
UKDPO@equifax.com
We will process such requests in accordance with applicable laws. To protect your privacy, Kount will take steps to verify your identity before fulfilling your request.
Changes to this Privacy Statement
We may change this online privacy statement in the future. If we make changes to this privacy statement we will post the revised privacy statement and its effective date on this website.
Contact Us
If you have questions or comments about this privacy statement, please submit an inquiry through our Privacy Contact Form or write to the Chief Privacy Officer at the address below. Please reference "Kount Privacy Statement," when contacting us about this privacy statement.
Chief Privacy and Compliance Officer
Equifax Inc.
1550 Peachtree Street, NW, Atlanta, GA 30309
privacy@equifax.com
European Data Protection Officer
Equifax Ltd
Data Protection Officer
PO Box 10036, Leicester, LE3 4FS.
UKDPO@equifax.com