Effective Date: January 1, 2022

Identity Fraud, Inc. (“IFI” or “We”) is a unique and innovative privacy and security solutions company that operates as a licensed insurance intermediary in the USA. We are in the business of helping you protect your data by promoting prudent cyber and data theft risk management practices. IFI is committed to protecting your privacy and the privacy of its clients. This Privacy Notice describes how IFI collects, uses, and discloses personal information. This Notice applies to any personal information you provide and any personal information we collect from other parties, including your employer or sponsor.

When do we collect your information?

IFI collects personal information when:

• you contact us or we perform services for you
• we provide services for our clients
• you register on our website or email distribution lists
• you RSVP to or attend our events
• you interact with us through social media
• you apply for a job at IFI

What information do we collect?

In the course of interacting with you or providing our products and services, including identity theft related resolution services, IFI may collect information from you or other sources, including your employer or sponsor, which may include the following:

• Name and contact information (e-mail address, mailing address, phone number, mobile number, etc.)
• Insurance policy and claim information
• Government-issued identification and record details (social security number, driver’s license number, motor vehicle record, passport information, etc.)
• Information you provide on a job application or that is obtained under a position-related background check
• Demographic information (date of birth, gender, employment status, benefit coverages, marital status)
• Physical or mental health information
• Criminal record information

How do we use your personal information?

We process personal information that is provided by you or our clients in order to perform our services. The processing of your personal information depends on the type of services we provide, applicable laws, regulatory guidance and professional standards. Where IFI processes your personal information on behalf of a client, such as your employer or sponsor, it is the client’s obligation to ensure that you understand that your personal information will be disclosed to IFI.

All processing of your personal information is justified under a “lawful basis” for processing, including the following:

• your consent
• processing is necessary in order to enter into or perform a contract for you

• processing is necessary for us to comply with legal obligations
• processing is in our legitimate commercial interest, except that our interest may not override your fundamental rights or freedoms
• In limited circumstances, we will use your consent as the basis for processing your personal information, for example, if you are a victim of identity theft and we are providing our services to help remedy your identity theft case
• In limited other circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.

Do we collect information from children?

IFI does not knowingly collect information from children who have not reached the age of consent under relevant data privacy laws. If we learn that we have collected personal information from a child who has not reached the age of consent, we will delete it immediately. We may, however, collect information about children that may be victims of identity theft or cyber related incidents and in an effort to provide a remedy for their incident.

What Information Do We Collect Through Automatic Data Collection Technologies?

As you navigate through and interact with IFI’s websites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to IFI’s websites, including traffic data, logs, and other communication data and the resources that you access and use on the websites.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.
   

The information IFI collects automatically is only statistical data that helps IFI improve its websites and deliver a better and more personalized service, including by enabling IFI to:

• Estimate audience size and usage patterns.
• Store information about your preferences, allowing IFI to customize its websites according to your individual interests.
• Speed up your searches.
• Recognize you when you return to IFI’s websites.
   

The technologies IFI uses for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of IFI’s websites. Unless you have adjusted your browser setting so that it will refuse cookies, IFI’s system will issue cookies when you direct your browser to IFI’s websites.
• Web Beacons. Pages of IFI’s websites may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit IFI, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

IFI does not collect personal information automatically, but it may tie this information to personal information about you that it collects from other sources or that you provide to IFI.

How long do we retain your personal information?

IFI collects and processes personal information in connection with providing its clients with various services, each of which may be subject to minimum or maximum retention periods, as required by law or IFI’s Record Retention Policy.

IFI also maintains personal information supplied by former clients, and IFI also manages this information in accordance with its Record Retention Policy.

Do we disclose your personal information?

We may share your personal information with IFI’s subsidiaries and affiliates as part of the process of providing services to you or to fulfill the purpose for which you provided it. We may also share your personal information with contractors, service providers, and other third parties that you or IFI has engaged to perform services for you or to otherwise support IFI’s business operations. For example, we may disclosure your information to our and your insurer in the event of an insurance claim. These third parties are contractually bound to keep personal information confidential and use it only for the purposes for which IFI discloses it to them.

IFI may also disclose your personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of IFI’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by IFI is among the assets transferred.

IFI may also disclose your personal information to comply with any court order, law, or legal process, including to respond to any government or regulatory request, to enforce or apply our Terms of Use, or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of IFI or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

Do we transfer your personal information across geographies?

You may be a victim of identity theft or experience a cyber related incident anywhere in the world. For certain services offered by IFI, personal information may be transferred outside of IFI or to third parties that may operate outside of the United States, the United Kingdom, or the European Union. Personal information may be transferred, processed, or stored in countries that are not regarded as ensuring an adequate level of protection for personal information under European or other international or local law. When personal information is transferred to those countries, we put in place standard contractual clauses and other safeguards to help ensure your personal information is protected. For more information about the safeguards we have put in place, please contact us.

How do we protect your information?

IFI protects personal information using physical, electronic, and procedural safeguards that are specifically designed to meet or exceed the requirements of applicable laws. All IFI employees receive training on the importance of protecting personal information, and only authorized employees have access to personal information. Subcontractors and agents are contractually bound to maintain protection of personal information and are not permitted to use the information for any unauthorized purpose.

What choices do you have about your personal information or our communications?

You have certain rights related to the processing of your personal information, including.

• You have the right to unsubscribe from our communications by clicking the “unsubscribe” link in our marketing emails or by contacting us.
• You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

Individuals within the European Union and California residents may have additional personal information rights and choices. Please see Your Rights under GDPR and Additional Information for California Residents for more information.

Your Rights under GDPR

The General Data Protection Regulation (“GDPR”) affords certain rights to individuals in the European Union. Specifically, individuals in the European Union are entitled to the following:

The right to be informed – You have the right to know what personal information IFI processes, how it processes that personal information, and who else may have access to your personal information.

The right to access – You have the right to request that IFI provide you with a copy of your personal information held by IFI. IFI may charge you a small fee for this service.

The right to rectification – You have the right to request that IFI correct any information you believe is inaccurate. You also have the right to request that IFI complete any information you believe is incomplete.

The right to erasure – You have the right to request that IFI erase your personal information, under certain conditions.

The right to restrict processing – You have the right to request that IFI restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to IFI’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that IFI transfer the personal information that it has collected about you to another organization, or directly to you, under certain conditions.

If you make any such request, IFI has one month to respond to you. If you would like to exercise any of these rights, please contact IFI by email at memberservices@identityfraud.com or by mail at IFI Corporate Headquarters as follows: Attention: Privacy Officer, Identity Fraud, Inc., 1990 N California Blvd, FL 8, Walnut Creek, CA 94596.

International Data Transfers – IFI may transfer personal information it has collected from you or about you outside of the European Economic Area (“EEA”). Please be aware that countries outside of the EEA may not have the same level of data protection as your country.

Additional Information for California Residents

Under California’s “Shine the Light” law, you have the right to request and obtain from us once a year an account of your Personal Information we disclosed to third parties for direct marketing purposes. You will receive a notice that will include the categories of Personal Information that was shared (if any) and the names and addresses of all third parties with which the information was shared (if any). IFI does not use technology that accommodates do-not-track signals from your browser. If you are a California Resident and would like to make a request, please contact us via email at memberservices@identityfraud.com.

The California Consumer Privacy Act of 2018 (the “CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to access, delete, and restrict the sale of Personal Information that IFI may collect about its clients, customers, or visitors to its websites. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Personal Information does not include deidentified or aggregated consumer information. If you are a California resident, you have a right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

1.  Collection and Use of Personal Information

In the 12-months preceding the date the information in this section was last updated, IFI has collected the following categories of Personal Information about consumers, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.

IFI obtains these categories of information from you and from our clients to whom we provide services.

2.  Disclosures to Third Parties for a Business Purpose

In the 12-months preceding the date the information in this section was last updated, IFI has disclosed the following categories of Personal Information about consumers for a business purpose, as defined by the CCPA: Identifiers (such as name, postal address, and Internet Protocol (IP) address); Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Customer Records Information (such as name, address, and credit card or debit card number); Protected classification characteristics under California or federal law; Internet or Other Electronic Network Activity Information (such as information regarding a consumer’s interaction with our website); and Professional or Employment-Related Information.

We disclose the categories of personal information listed above to our service providers in connection with the products and services we provide to our customers. We also disclose the categories of personal information listed above to obtain quotes or proposals or to underwrite insurance.

3.  Use of Personal Information

We may use or disclose the personal information we collect to:

• To provide products or services requested by you or by our clients.
• To provide, support, personalize, and develop our websites, products, and services.
• To personalize your website experience.
• To help maintain the safety, security, and integrity of our websites, products and services, databases and other technology assets, and business.
• For testing, research, analysis, and product development, including to develop and improve our websites, products, and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to you when collecting your personal information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of IFI’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by IFI is among the assets transferred.

4.  Sale of Personal Information and Right to Opt-Out

IFI does not sell Personal Information as defined under the CCPA and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. Please note that your right to opt out does not apply to IFI’s sharing of data with service providers, with whom IFI works and who are required to use the data only to perform the services they provide to IFI.

5.  Right to Know and Right to Request Deletion of Personal Information

California residents have the right to request that IFI disclose what Personal Information it collects, uses, and sells, as well as the right to request that IFI delete certain Personal Information that it has collected from you. Once IFI receives and confirms your verifiable request, it will disclose to you, based on the nature of your request: the categories of Personal Information it has collected about you; the categories of sources for the Personal Information it has collected about you; IFI’s business or commercial purpose for collecting that information; the categories of third parties with whom it shares that information; and/or, at your request, the specific pieces of Personal Information IFI collected about you.

IFI may deny your request to delete your Personal Information if retaining the information is necessary for IFI or its service provider(s) to:

1. Complete the transaction for which IFI collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of IFI’s ongoing business relationship with you, or otherwise perform a contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with IFI.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.