VERIFACTS PRIVACY POLICY

Last Updated April 26, 2023

There are laws about how businesses can collect and use information from their customers, event participants, or anyone visiting their websites.  These laws set different requirements, but they all relate to the same idea, which is that you have the right to know what information you’re sharing with us, what we’re doing with it, and why.  When the information that we collect identifies you or your household — or if it could identify you or your household — it’s called “personal data.”  We want to, and have to, protect your personal data.  Our Privacy Policy explains how we try to do so, but it’s a long document with a lot to discuss.  So, you can:

  1. Go to the section that has the topic you’re interested in in the table of contents;
  2. Use a keyword search for your topic; or 
  3. Get in touch with us to ask a question, ask us to show you the data we have about you, or ask us to delete your personal data.

1.1 This is the Privacy Policy for VeriFacts, LLC, but we’ll refer to ourselves as “VeriFacts,” or “the Company,” or “us”.  

1.2 We have a Privacy Policy for a few reasons.  First: it’s required by law.  Second, and more important, we want you to understand how we use data so you can make an informed decision about how you share with us, what you share with us, and how we use your information. Finally, our privacy policy sets internal rules for how we use data and holds us accountable: if we don’t tell you what we’re doing here, in the Privacy Policy, we won’t do it at all unless we specifically obtain your permission.

1.3 We want this Privacy Policy to be understandable on its own, but there are concepts, terms, and phrases that have specialized meaning because they come directly from privacy laws.  You can look at the “Further Reading” section to get a clearer idea of what these terms mean.

1.4 We operate in more than one state and specific laws in many places require that specific things are included within a privacy policy.  We believe that including all these requirements throughout a privacy policy makes it harder for the policy to be understood.  As such, we have taken the decision to write this Privacy Policy in the clearest way that we can and include the specific international legal requirements in the “International Rights” section at the end of this Policy.

2.1 This Privacy Policy outlines how VeriFacts collects and processes your personal data through your use of VeriFacts websites, apps, or any other services sponsored or controlled by VeriFacts (a conference or an in-person survey, for instance).  In other words, if we’re collecting personal data in any form, this Privacy Policy applies. 

2.2 Along those lines, VeriFacts is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use personal data.

2.3 We’ll provide links to this Privacy Policy wherever we can. You should read this Privacy Policy, think about it, ask questions, and decide if you’re comfortable with it. Also read any other notices or policies we post, so that you can make an informed decision about interacting with us.

2.4 When we make a change to this Privacy Policy, we’ll post a notice for you to review.  This Privacy Policy was last changed on April 25, 2023.

2.4 We are not responsible, though, for links to third party sites that we present to you, either on this website or elsewhere online.  Once you access sites or apps via those links, our Privacy Policy no longer applies, and so you’ll need to read their privacy policies as well.

3.1 Not all data is “personal data” under the law, but a lot of it is, and more than you might think.  Because we operate in more than one jurisdiction, we’ve taken the approach that the broadest definition of personal data is best, because it allows us to explain what we collect more simply.  And so, for VeriFacts purposes, personal data is:

Any information that can, either alone or with other information, be used to identify an actual human person or their household.  

3.2 These are the categories of personal data that we collect:

  • Basic Data” means your name and your email address.  Basic Data is collected only if you elect to provide it to VeriFacts in the course of interacting with us, making a request, asking a question, filling out a form etc. 
  • Transaction Data” is all Basic Data plus any other information related to the movement of financial data through our systems or services.  This means banking data or any other financial information that is not otherwise considered Credit Data. 
  • Technical Data” means any information we collect as we operate our websites and applications, like your IP address when you connect to our websites, your mobile device identifier, what browser you used to access our site and what operating system you’re using, the movement of your mouse on the screen (mouse hovers and clicks, for example) the length of time you spend on our website, any extensions or apps you use along with ours.
  • “Credit Data” means any financial information that we process and can include things like credit scores, transactions, flags, holds, and the like.
  • “Employer Data” means any information we obtain about you from your employers, past and present, when carrying out a request on behalf of one of our clients.  Employer Data means any information the employer provides, including dates of employment, title, pay, reviews, etc.
  • Feedback and Marketing Data” means information that we collect to develop new products or services to potential clients, but is anonymized – which means that although the data is personal data when we collect it from you, it never leaves the company in a way that could identify you. Feedback and Marketing Data is collected whenever you provide the types of feedback described in this section or interact with our marketing materials.  
  • “Third Party Data” means any personal data about you that we obtain – whether by purchasing it or simply receiving it – from anywhere outside of VeriFacts that does not qualify as Credit Data or Transaction Data.  We don’t control how those third parties get their data about you, but we won’t take any personal data about you from a third party unless they can prove to us that they had your data lawfully and properly in the first place and are permitted to share it with us.  Often times, this data is publicly available information like an address, business title, or social media profile, but it could be just about anything.  

3.3 As explained below, we may combine different kinds of personal data in the performance of our services.  We’ll also sometimes combine the personal data you’ve given us with non-personal data.  If the combined data can identify you, we’ll treat it like personal information, even though some parts of the combined data (like the weather) can’t identify you.

3.4 We do not collect any “Special Categories” of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses. 

We use Cookies and other tracking technology to make our websites operate properly and to provide you with a better experience.  You can control how non-technical cookies operate on our sites by clicking on the cookie banner that appears when you visit one of our sites.

We collect personal data in a variety of ways, depending on how you interact with us, including:

5.1 Direct interactions. You may give us your Basic, Credit, Technical, Transaction, or Feedback and Marketing Data, by interacting with us, as when you:

  • use any of our products or services;
  • sign up to receive information, including marketing information, from us;
  • make a claim based on your account or use of our services or communicate with us about any matter;
  • contact customer support or request technical assistance;
  • access VeriFacts via social media accounts or VeriFacts website(s);
  • enter a promotion or survey;
  • apply for employment with us; or
  • give us feedback or reviews.

5.2 Through automated technologies or interactions. As you interact with our website, we automatically collect Product Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Product Data about you if you visit other websites employing our cookies. 

5.3 From third parties or publicly available sources.  Most typically, this includes financial institutions, although other third parties may also provide us with data.  We may receive personal data about you from various third parties and public sources. 

6.1 We only use personal data when we have a lawful basis for doing so.  Sometimes we rely on your consent to use personal data.  When we do, we will always give you the option to withdraw your consent at any time.

6.2 The following list sets out how we use personal data, and the lawful basis for doing so:

  • Completing a transaction.  We use any and all categories of Personal Data we have which are necessary to complete a transaction at your request.
  • Providing customer service. Depending upon what you contact us for and request, we will use any and all categories of Personal Data we have in order to provide you with customer service.  
  • Creating products for our clients. We may provide your Personal Data to our clients in the financial services industry that engage us as a Service Provider, through a written contract, for the purpose of attempting to confirm and provide verified location information for you. The types of Personal Information we may share with our clients are full name, date of birth and social security number, residential address and phone number, current employer name, address, and phone number, and current employment status. 
  • Developing new products and creating marketing plans. We’ll internally examine any Personal Data we obtain in order to improve our products and services and learn how to create new products and services.  This data never leaves the company, and we don’t use the data to market to anyone else; instead, the insights and marketing/promotional strategies we develop will be based on Personal Data, but won’t share or sell it.  
  • Managing our website and services. We’ll use any category of Personal Data necessary to keep our website and other online services operating properly (fraud detection and prevention, site maintenance and updates, app maintenance and updates, IP logs).  We use this data because we have a legitimate interest in administering/improving our site and apps, running IT services, ensuring network security, preventing fraud and because we need to demonstrate our compliance with data security obligations both as a legal matter and if we are involved in a business reorganization.
  • Creating insights and analysis.  We’ll use Basic Data, Transaction Data, Employer Data, Credit Data, and Feedback and Marketing Data to create analytics and insights for our own use and for the derivative use of our clients.  These derivative insights will not identify you.

6.3 We will only keep your Personal Data for as long as necessary under the circumstances in which we collected it, including our obligation to hold onto it for legal, regulatory, or accounting purposes. If we are able to make data completely anonymous (that is, it can’t be used to identify you), we may keep that data indefinitely for statistical or analytic purposes.

7.1 Cookies
Cookies are small files that track your activity online.  Some of them are purely functional (they allow website to load faster) and some of them are for marketing (tracking how you interact with websites).  We use cookies for both purposes, but you can read more about cookies (and how to block them) in our cookie policy.

7.2 Change of purpose
We only use your Personal Data in the ways we’ve outlined in this Privacy Policy, unless we think there is a reason that we can use it for another purpose that 1) is fair, and 2) is compatible with the original reason we collected it.  We’ll tell you if we need to use your Personal Data for a purpose other than the original purpose for which we collected it

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.3 Data retention

We delete or anonymize your Personal Data as soon as it is no longer required for the purposes we have collected unless we are legally required to continue processing or your Personal Data.  The one primary exception here is that, if you ask us to delete your data and “forget” you, or ask us not to contact you, we’ll keep your email address on our master do-not-contact list as proof that we followed you request and so that we can avoid contacting you in the future. 

8.1 Sometimes, we will share your Personal Data with: 

  • Our clients. We provide location and verification services to our clients.  This means that, for example, an employer may ask us to verify a line on your resume stating that you worked at a particular company last year.  We might verify that statement with your Employer Data and pass the relevant information onto your prospective employer.
  • Outside third parties. As explained above, we use outside vendors and service providers to enable our company to function.  The kinds of third parties we share your data with are:
  • Assisting us to fulfill our responsibilities to our clients by providing data regarding a potential consumer location – residential or employment; 
  • Hosting or maintaining our website;  
  • Providing data processing or data security services; or 
  • Providing operational or technical support. 

We’ll also share Personal Data if we buy, sell, transfer, or merge parts of our business with another company.  

  • Regulators. If we are subject to an audit, review, or other inquiry by a properly constituted regulatory agency (like the Federal Trade Commission, for instance), they may require us to share the data we have, including Personal Data.  
  • Subpoenas and legal demands. We have to comply with lawful subpoenas or investigative demands from courts and law enforcement agencies.  

8.2 We share your Personal Data with outside third parties only to enable us to fulfil our part of our contract with you, because you have consented to it, or because it’s necessary for a legal or regulatory requirement.  None of these third parties are allowed to use your Personal Data in any way that is different from the reasons we outline here.

9.1 We are based in the United States and will transfer data from other parts of the world as outlined in this Privacy Policy. 

9.2 We do not market or process data of anyone inside the European Union.

10.1 We work hard to keep your data (and ours) safe.  We use a variety of tools – technological, administrative, and physical – to keep data secure.  These safeguards are designed to ensure that whatever Personal Data we keep is protected against unlawful access or use. Despite our best efforts, however, no security measures are completely impenetrable.

10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11.1 When you provide us with personal data, you have rights about how we use it, and why.  In some circumstances, those rights are set out in specific legislation like California’s Consumer Privacy Act.  In general, you have the right to:

  • Request access to your personal data.
    • Request correction of your personal data.
    • Request erasure of your personal data.
    • Object to processing of your personal data.
    • Request restriction of processing your personal data.
    • Request transfer of your personal data.
    • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

11.2 No fee usually required
In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.

11.3 What we may need from you
In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity.  We will not ask for more data than is necessary to confirm your identity. 

11.4 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

As explained above, we may provide links to websites or services operated by third parties. This Privacy Policy does not apply to these third-party websites or services.  If you follow a link to any of these websites or services, please note that these websites or services have their own privacy policies and terms & conditions, and that we do not accept any responsibility or liability for their policies. 

If you have any questions about this Privacy Policy, please contact us:

VeriFacts, LLC

https://vfacts.com

1980 Industrial Dr
Sterling, IL 61081
USA

[email protected]

800-542-7434

Your California Privacy Rights

A. General Overview of CCPA Rights.

The California Consumer Privacy Act (“CCPA”) took effect on January 1, 2020, and grants a new set of privacy rights to California consumers, including:

  • A consumer right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
  • A consumer right to access the personal information collected and retained by the business; 
  • A consumer right to require businesses and, by extension, their service providers, to delete personal information, subject to certain exceptions;
  • A consumer right to opt-out of the sale of personal information by directing a business that sells it to stop selling it. A business cannot sell the personal information of a child under the age of 16 unless he/she first provides affirmative opt-in consent, with a parent or guardian required to provide that consent for a child under the age of 13; and
  • A consumer right to non-discrimination in terms of pricing or service for choosing to exercise a privacy right under the CCPA.

A business subject to the CCPA that collects a California consumer’s personal information must, at or before the point of collection, inform the consumer as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A service provider that receives or collects the consumer’s personal information on behalf of or at the direction of a business with which it has a qualified written contract, and for the business purpose designated in that contract, may not be required to provide a notice of collection to the consumer, but the service provider may not further disclose the collected personal information or use it for any other purpose, and may not sell it to third parties without first either notifying the consumer and providing  right to opt out of the sale, or obtaining proof that the source of the personal information notified the consumer at or before the time of collection.  

A covered business must disclose and deliver the personal information the business collected about the consumer in response to a verifiable consumer request.

For purposes of the CCPA, “Personal information” does not include:

  • Publicly available information from government records;
  • De-identified or aggregated consumer information; or
  • Information excluded from the CCPA’s scope, such as: 
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

B. Right to Know. 

A business subject to the CCPA must disclose in its privacy policy the personal information it has collected, sold, or disclosed for a business purpose in the past 12 months.

Collection: A business that collects personal information must disclose, in response to a verifiable consumer request, the following:

  • The categories of personal information the business has collected about the consumer;
  • The categories of sources from which that personal information is collected;
  • The business or commercial purpose for collecting or selling personal information collected from consumers;
  • The categories of third parties with which the business shares personal information;
  • The specific pieces of personal information the business has collected about the consumer making the request;

Sale: A business that sells a consumer’s personal information or discloses a consumer’s personal information for a business purpose must disclose, in response to a verifiable consumer request, the following:

  • The categories of personal information the business has collected about the individual consumer
  • The categories of personal information the business has sold about the consumer and categories of third parties to which the personal information was sold by category or categories of personal information for each third party to which the personal information was sold. Or, if the business has not sold any consumer personal information, it must state that fact.
  • The categories of personal information the business has disclosed about the consumer for a business purpose. Or, if the business has not disclosed any consumer personal information for a business purpose, it must state that fact.

C. Right to Delete. 

A California consumer has the right to request that a business delete his/her Personal Information, subject to certain exceptions. Once a request is reasonably verified, the Personal Information requested to be deleted must be removed from the records held by that business, and the business must direct its Service Providers to also delete the information, unless the Personal Information requested to be deleted is subject to an exception. 

A request to delete may be denied if retaining the information is necessary for the business or its Service Providers to:

  • Complete the transaction for which it collected the personal information, provide a good or service requested by the consumer, take action reasonably anticipated within the context of the ongoing business relationship with the consumer, or otherwise perform a contract with the consumer. 
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on the consumer’s relationship with the business.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of the information that are compatible with the context in which the consumer provided it.

D. Right to Non-Discrimination. 

A business must not discriminate against a consumer who exercises his or her CCPA rights. A business may charge different prices or provide a different quality of goods or services, but only if the difference is reasonably related to the value provided to the consumer by the consumer’s data. A business may offer financial incentives to a consumer for the collection, sale, or deletion of personal information on a prior, opt-in consent basis.

E. Right to Opt-Out. 

A business that sells Personal Information to third parties needs to provide notice to consumers and clearly inform the consumers of the right to opt out of the sale. A business that sells Personal Information must provide a “Do Not Sell My Personal Information” link on its internet homepage that links to a webpage that enables the consumer to opt out of any sale of the consumer’s Personal Information.

A business is prohibited from selling the Personal Information of a consumer the business knows is less than 16 years of age, unless:

  • If the child is between 13 and 16 years of age, he or she has affirmatively authorized the sale of his or her Personal Information; or
  • If the child is less than 13 years of age, his or her parent or guardian has affirmatively authorized the sale of his or her Personal Information.

F. Privacy Policy Requirements. 

A business must include in its online privacy policy, or in any California-specific description of consumer privacy rights, the following information, and update the policy no less than every 12 months:

  • A consumer’s CCPA rights, including the right to opt out of the sale of Personal Information and a separate link to a “Do Not Sell My Personal Information” internet Web page if the business sells personal information;
  • The method(s) by which a CCPA request can be submitted; and
  • A list of the categories of Personal Information the business has collected, sold, or disclosed for a business purpose in the preceding 12 months

Exercising Your California Privacy Rights

A. Instructions for Submitting a CCPA Request to VeriFacts.

Should you wish to exercise any of your CCPA rights, such as a Request to Know or a Request to Delete your Personal Information, you may submit your request to VeriFacts using one of the following methods: 

Fill out a Form on our Website: https://vfacts.com/privacy/ccpa-requests/

For CCPA Inquiries Only, Call us, Toll-Free, at: 1-844-797-8656

We will confirm receipt of your Request to Know or Request to Delete within 10 days of receiving it. Along with that confirmation, we also will provide a ticket number for your request, information about how VeriFacts will process and attempt to verify your request, and by when you should expect to receive a response. 

Please be advised that we are only required to respond to your request to know – for access or data portability – two times in any 12-month period.

We are required to keep records of your CCPA request for at least 24 months, including any assigned ticket number, the request date and nature of the request, the manner in which the request was made, the date and nature of our response, and the basis for the denial of the request if the request is denied in whole or in part.  

B. VeriFacts Needs to Verify Your CCPA Request.

VeriFacts needs to be reasonably sure that the person making the request regarding your Personal Information is you, or a representative that you have authorized to make a request on your behalf. 

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or your authority to make a request regarding another person’s Personal Information.  Accordingly, at the time you submit your request, we will request that you provide us certain information, such as your full name, date of birth, and address, that will allow us to attempt to reasonably verify you are either the person about whom we collected personal information or an authorized representative of that person. 

To the extent possible, we will not ask you for new personal information for the purpose of verification, but will instead use the verification data you provide to cross-check information available in our existing records. If we are unable to verify your request without requesting new personal information, we will delete that new information as soon as practical after processing your CCPA request, except as may be required to comply with the CCPA’s request record retention requirements.

We will never require you to create an account with us in order to verify your request. We will only use Personal Information you provide to us during the verification process for the purpose of verifying your identify or your authority to make the request for another person.

Please note that certain requests require different levels of verification, depending on the sensitivity of the information at issue. For example, if you request to know the specific pieces of information we hold, and not just the categories, we will require, in addition to matching data points, your submission of a written declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. In addition, certain pieces of information, such as a social security number, driver’s license number or other government-issued identification number or financial account number, will not be disclosed in response to a CCPA request. 

If you wish to authorize someone else to act on your behalf in connection with your CCPA rights, we must receive proof that this person is authorized to do so. Proof can be provided by a consumer verifying his/her own identity directly with us and then providing written authority for a designated person to act on the consumer’s behalf, or through receipt of a power of attorney or proof that the person is registered with the California Secretary of State as your designated authorized representative. You may also make a verifiable consumer request on behalf of your minor child. 

C. Our Response To Your CCPA Request.

Within 10 days of receipt of your Request to Know or Request to Delete Personal Information, we will provide an initial confirmation of receipt with an assigned ticket number by email or U.S. Mail.   

If you submit a Request to Delete, we will re-confirm your choice to delete the specified information after verifying your request. 

VeriFacts strives to provide a response to a verifiable consumer request within 45 days of receipt of the request, regardless of the time it takes to verify the request. If we need additional time, we will inform you of the reason and length of the extension period (not to exceed 90 days from receipt of your request, in total).  

We will send our response to your request by U.S. mail or email, at your option. Any information we provide will cover only the 12-month period preceding receipt of your request.

If we cannot respond to or comply with your Request to Know or Request to Delete, say because we cannot verify your identity or because an exception applies, we will explain our reasoning and decision in our response. 

For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded, and we have informed you in writing of the reasoning behind a charge and its estimated cost. We will provide a cost estimate before completing your request if we determine that a charge is warranted. 

If you have any questions about VeriFacts’ CCPA compliance practices or a pending CCPA request you have submitted, please contact us as follows, and be prepared to provide your ticket number, if applicable: 

For CCPA Inquiries Only, Call us, Toll-Free, at: 1-844-797-8656

E-mail Us at: [email protected]