Our Commitment to GDPR

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (“GDPR”).

Who are we?

Global Data Consortium, Inc. (“GDC”) is the data processor (contact details below). This means it decides how your personal data is processed and for what purposes, although our ability to process your personal data is subject to your rights under the GDPR, which we have described below.

How do we process your personal data?

GDC complies with its obligations under GDPR by keeping personal data up to date where needed based on the purposes for which the personal data is being processed; by not collecting or retaining excessive amounts of data; and by ensuring that appropriate technical measures are in place to protect personal data from loss, alteration, misuse, unauthorized access and disclosure as it is transmitted, stored, or otherwise processed, and by using appropriate measures to securely destroy personal data when it is no longer needed by GDC.

We use your personal data for the following purposes:

• Electronic identity verification, business verification, and address validation services: We use your personal information such as name, address, email address, phone number, and age to verify identities.
• Account setup and administration: We use your personal information such as name, email address, phone number, billing information, and information about a device to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and service information.
• Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
• Third-party service providers: We partner with and are supported by service providers around the world. Personal data will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.
• Research and development: We may use personal data for internal research and development purposes and to improve and test the features and functions of our services.

What is the legal basis for processing your personal data?

GDC processes data for the legitimate business interests of the data controllers and processors that require electronic identity verification, business verification, and/or address validation services to facilitate the services they provide.  GDC does not process personal data without a request from a customer.

Special Category Processing Authorities

We do not request or intentionally collect any special data personal data. Any processing of special category personal data is strictly limited to special category personal data manifestly made public by the data subject.

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with GDC personnel if necessary for the provision of our services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our personnel are required to follow GDCs data privacy and security policies when handling personal data.

GDC will also share personal data with GDC data partners to support the business need for identity verification, business verification, and address validation services. We will only share your data with third parties with your consent.

How long do we keep your personal data?

GDC’s policy is to retain personal data necessary to provide our services for a period of six (6) years, except that we may retain your personal data for longer periods where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Website Terms of Use or Due Diligence Agreement, or fulfill a request to “unsubscribe” from further messages from us. This policy applies to personal data that you or others provided to us and personal data generated or inferred from your use of our services.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

• The right to request a copy of your personal data which the GDC holds about you;
• The right to request that the GDC correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for GDC to retain such data;
• The right to withdraw your consent to the processing at any time;
• The right to request that GDC provide the you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data (where applicable); and
• The right to lodge a complaint with a data supervisory authority.

Transfer of Data Abroad

GDC will transfer personal data only when there has been a documented adequacy determination, or where GDC has confirmed adequate privacy protections.  If GDC transfers personal data to a third party acting as an agent of GDC, we will also require the third party to have adequate privacy protections in place.

GDC will transfer personal data to and on behalf of clients and third party’s with whom GDC has an existing service agreement or as part of our legal obligations, each of which shall be subject to GDC policies, and only to the extent necessary for purposes of legitimate interests pursued by the data controller (or by a third party).

Automated Decision Making

GDC does not carry out automated decision making or profiling of Data Subjects that could result in legal effects concerning Data Subjects.

Website Metrics

GDC does not automate the roll up of personal data or metrics on its public website(s). Any information on match rate, processing volumes, or “checks completed” are estimates only.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

To exercise any relevant rights, ask questions, or make a complaint, please contact GDC via email at gdpr@globaldataconsortium.com, via mail at 1101 Haynes Street Suite 109, Raleigh, NC 27604, or via phone at (888) 949-4389. You may also contact our EU Representative at globaldata@gdprrepresentative.eu.