Last Revised Jan 1, 2020
IPQualityScore abides by all relevant data privacy laws and is fully compliant with General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) regulations.
IPQualityScore Data Processing Overview
This Data Processing Agreement (herein referred to as the "DPA") forms part of the overall Terms of Service and is made and entered into by and between IPQualityScore LLC, on behalf of itself and its subsidiaries, (herein referred to as "IPQualityScore", "IPQS", "we", "our", "ourselves"), and the Client (herein referred to as "Customer", "Client", "you", "your", "yourself").
"The Services" means any services IPQualityScore may provide to you, collectively or separately, including fraud detection, proxy detection, machine learning, user verification, email verification, transaction scoring, other related services.
"Data Controller" means the Client.
"Data Processor" means IPQualityScore.
"Directive" means the EU Data Protection Directive 95/46/EC (as amended).
"General Data Protection Regulation" means the European Union General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
"Local Data Protection Laws" means any subordinate legislation and regulation implementing the Directive or the General Data Protection Regulation.
"Privacy Laws" means all applicable laws, regulations, and other legal requirements relating to privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data.
"Data Protection Requirements" means the Directive, the General Data Protection Regulation, Local Data Protection Laws, any subordinate legislation and regulation implementing the General Data Protection Regulation, and all Privacy Laws.
"Personal Data" has meaning as given in Article 4 of the General Data Protection Regulation.
"Customer Personal Data" means Personal Data that the Client uploads or otherwise provides IPQualityScore in connection with its use of the Services.
"Personal Data Breach" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data.
"Process" and its cognates has meaning as given in Article 4 of the General Data Protection Regulation.
Compliance and Use
The Client and IPQualityScore shall comply with their Data Protection Requirements including, to the extent applicable, the General Data Protection Regulation as well as other applicable Privacy Laws. Client intends to use the Services and in the course of doing so will upload or otherwise provide IPQualityScore with Customer Personal Data as required by the nature of the Service provided to the Client.
The Client shall have sole responsibility for the accuracy, quality and processing of Customer Personal Data. IPQualityScore shall not access, use or process Customer Personal Data on behalf of Client except as otherwise required to deliver the Services, provide technical support related to the Services and for maintenance and improvement of the Services unless otherwise directed by Client. The Client shall determine the nature and purpose of Customer Personal Data and the categories of Data Subjects.
Data Access, Modification and Deletion
During the course of using the Services, when Customer Personal Data is uploaded you may access, modify or delete data by logging into the Services using common protocols and tools. Modification and deleting requests may also be made available to your account's fraud specialist, via support ticket, or other written notice. Upon termination or expiry of the Services and upon written request by the Client, IPQualityScore will delete all Customer Personal Data in its possession or control. This requirement shall not apply to the extent that IPQualityScore is required by law to retain some or all of the Client Personal Data.
Cooperation and Data Subjects' Rights
IPQualityScore shall provide reasonable and timely assistance to Client in accordance with this DPA and the Services, to enable Client to respond to a request from a Data Subject to exercise any of its rights under the General Data Protection Regulation (including its rights of access, correction, objection, erasure and data portability, as permitted); and any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the processing of the Customer Personal Data. In the event that any such request, correspondence, enquiry or complaint is made directly to IPQualityScore, IPQualityScore shall inform the Client providing details of the same unless otherwise prohibited.
Data Protection Impact Assessment
IPQualityScore shall provide the Client with reasonable assistance in support of a data protection impact assessment, solely in relation to Customer Personal Data, this DPA, the Services and where the Client would not otherwise have access to the relevant information.
IPQualityScore shall ensure that appropriate contractual obligations related to confidentiality exist with its personnel and that these survive the termination of engagement.
IPQualityScore ensures that appropriate technical and organizational safeguards exist for the Processing of Personal Data including the hiring of qualified personnel, physical data centre access controls, systems access controls, data access controls, data transmission protocols, systems logging and backup systems.
If IPQualityScore becomes aware of a confirmed Personal Data Breach impacting Customer Personal Data, IPQualityScore shall notify the Client and where possible shall provide reasonable information and cooperation to the Client so that the Client can fulfil any data breach reporting obligations it may have under the General Data Protection Regulation. The Client shall indemnify and keep indemnified IPQualityScore against all losses with respect to any Personal Data Breach due to non-compliance by Client with its Data Protection Requirements or violation of this DPA.
The Client shall comply with its protection, security and other obligations with respect to Personal Data prescribed by Data Protection Requirements for Data Controllers, to the extent applicable, by: establishing and maintaining a procedure for the exercising of the rights of the individuals whose Personal Data are processed by Client; processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; ensuring compliance with the provisions of this DPA by its personnel or by any third-party accessing or using Personal Data on its behalf. The Client acknowledges it has reviewed and Consents to IPQualityScore's separate Privacy Notice in relation to the Services and will periodically review the Privacy Notice for any changes and additions.
Audits and Inspections
IPQualityScore shall provide reasonable audit and inspection assistance to Client, if requested in writing to IPQualityScore's address of notice, to verify IPQualityScore's compliance with its obligations under this DPA. Client shall be responsible for any costs incurred by IPQualityScore as the result of providing such assistance. If IPQualityScore declines to cooperate with a reasonable audit or inspection request Client has the rights to terminate this DPA and the Services.
IPQualityScore takes every precaution to safeguard your data and abide by relevant privacy laws. Should you have specific concerns regarding this policy, we can typically accommodate custom agreements and requirements. Any customized Data Processing Agreements between IPQualityScore and the Client will supersede this agreement. This agreement may be updated at any time to include new regulations and standards.
If you require more details or have any questions concerning our Data Processing Agreement, please feel free to contact us.