- INTRODUCTION
- DATA WE COLLECT
- PROCESSING OF PERSONAL DATA
- HOW DATA IS PROCESSED
- STORAGE OF PERSONAL DATA
- DISCLOSURE/SHARING OF PERSONAL DATA
- CROSS-BORDER TRANSFERS
- YOUR RIGHTS
- AUTOMATED DECISION MAKING
- PROVIDING INFORMATION TO KROLL
- THIRD PARTY WEBSITES OR SERVICES
- CONTACT US
- CALIFORNIA PRIVACY POLICY AND NOTICE
- VIRGINIA PRIVACY NOTICE
Introduction
Kroll Information Assurance, LLC and its affiliates and subsidiaries (collectively “Kroll“), is committed to complying with the applicable data privacy and security requirements in the locations in which it operates. Kroll complies with internationally recognized standards of privacy protection, and with various data privacy laws including, but not limited to, the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), and the Virginia Consumer Data Protection Act (“VCDPA“).
Data will be collected by Kroll Information Assurance, LLC, who will be the Data Controller or Business as those terms are defined under data privacy laws.
This Privacy Notice applies to Kroll’s processing of personal data in the course of providing our Consumer Identity Monitoring, Consumer Credit Monitoring, and Consumer Restoration and Consultation Support Services (collectively “Services”) in the United States via our web portal (“Portal“) and including other interactions, for example via our call center or email in relation to the Portal and Services.
If you are a California resident, please see the California Privacy Policy and Notice section.
If you are a Virginia resident, please see the Virginia Privacy Notice section.
Data We Collect
Kroll collects the following categories of personal data:
Contact data: We may collect information about individuals such as name and contact details (email, phone number, etc.) in order to communicate and facilitate the provision of our services
Services data: Personal data that you provide to Kroll in order to obtain the services, such as identifiers or information you want to have monitored by Kroll.
Website/Portal visitor information: when you visit our website, we may collect information about your visit such as your IP address and the pages you visited. When you use our services, we may collect information on how you use those services. Please see our Website Use and Cookies Policy for additional information.
We require that Clients and other third parties who provide personal information to Kroll must do so in compliance with applicable data privacy regulations.
Processing of Personal Data
We collect personal data to offer and administer the Services. The data you provide to us will be processed in accordance with the purposes specified in this notice, namely:
- In order to provide you with one or more of the Services upon activating your account.
- Operational communications: we may send you updates and alerts related to the Portal or any monitoring you are enrolled in. These communications are operational in nature. For as long as your account is active, you cannot opt out of these types of communications.
- For marketing purposes, to advise you through e-mail, phone call, or post, about other products or services similar to the products or services we have provided to you and that we think will be of interest to you.
- You may opt-out of receiving marketing communications and updates at any time.
- You can manage your receipt of marketing and non-operational communications by clicking on the «unsubscribe» link located on the bottom of Kroll’s marketing emails. Additionally, you may send a request to kroll.privacy@kroll.com.
- For improving Kroll’s communications with you. Emails sent to you by Kroll may include standard tracking, including open and click activities. Kroll may collect information about your activity as you interact with our email messages and related content.
- For operating and improving Kroll’s website and your customer experience. For example, we may collect and analyze data on your use of our website and process it for the purpose of improving our online experience. Please see our Website Use and Cookies Policy for additional information.
- For security purposes. For example, we may use your data to protect Kroll and its third parties against security breaches and to prevent fraud and violation of Kroll’s applicable agreements.
- For complying with obligations provided by laws, current regulations and legislation (e.g. tax regulations, anti-money laundering regulations).
- With your consent. Kroll also processes your data for other purposes if you have provided us consent for such specified purposes, where such other purposes will be clearly provided at the time you provide consent.
How data is processed
We permit only authorized Kroll employees and third-party service providers to have access to your information. Such employees and third-party service providers are appropriately designated and trained to process data only according to the instructions we provide them.
Storage of Personal Data
Kroll will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Kroll’s Document Retention Schedule.
Disclosure/Sharing of Personal Data
We only share your personal data with your consent or in accordance with this policy. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this Privacy Notice.
- We DO NOT sell personal information or share personal information with non-affiliated entities, other than Service Providers such as vendors, consultants and other service providers who are performing certain services on behalf of Kroll. Such service providers have access to personal data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Kroll requires these third parties to undertake security measures consistent with the protections specified in this notice.
- We share personal data among Kroll-controlled affiliates and subsidiaries who act for Kroll for the purposes set out in this notice.
- Kroll may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so before any personal data is disclosed.
- If Kroll’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.
Cross-Border Transfers of Personal Data
Kroll is a global firm with operations in over 30 countries. Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this notice, and in compliance with local regulations.
Your Rights
Depending on the laws of the state in which you reside, you may have certain rights under applicable data protection laws, such as the right to request that Kroll provide you with access to your data, correct inaccurate data, erase your data, or otherwise limit how your data is processed.
Please contact kroll.privacy@kroll.com to request to exercise your rights. Please note that Kroll cannot facilitate the exercise of your rights without proper verification of your identity.
Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Automated Decision Making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved. Kroll does not make automated decisions using personal data. If automated decisions are to be made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
Providing Information to Kroll
If you choose not to provide certain personal information, it may be an impediment to the exchange of information necessary for the provision of services, and we may not be able to provide you with some services and you may not be able to participate in some of the activities on our website(s).
Third Party Websites or Other Services
We are not responsible for the privacy practices of any non-Kroll operated websites, mobile apps or other digital services, including those that may be linked through Kroll websites or services, and we encourage you to review the privacy policies or notices published thereon.
Contact Us
Please contact us at Kroll with questions, concerns, or complaints:
Kroll Corporate Headquarters55 E 52 Street
New York, NY 10055
California Privacy Policy and Notice
This California Privacy Notice and Policy section supplements the Kroll Portal US Privacy Policy and applies to the personal information of California residents to comply with the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”).
- Categories of Personal Information We Collect
- Sources of Personal Information We Collect
- Business Purposes
- Disclosure of Personal Information to Third Parties
- Selling/Sharing of Personal Information
- Disclosure of Personal Data for our Business Purpose
- Data Retention
- Your Rights
- Contact Us
Categories of Personal Information We Collect
In the past 12 months, we have collected, used, and disclosed for business purposes, the following categories of personal information relating to California residents covered by this policy:
Category | Examples May Include |
Identifiers | Name, alias, postal address, unique personal identifier, online identifier, internet protocol address (IP Address), email address, account name, social security number, driver’s license number, passport number, or other similar identifiers |
Personal Information categories described in California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, bank account number, credit card number, debit card number, or any other financial information |
Protected classification characteristics under federal law | Age, citizenship, marital status, sex |
Commercial information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies |
Internet/network activity | Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement |
Professional or employment-related information | Current or past job history |
Sources of Personal Information We Collect
- From our client, who has engaged Kroll to offer and/or provide the Services to you
- From you, when you activate the Services and contact us via phone or email related to the Services
- From our partners and third-party data providers, for example when we obtain credit data provided by one or more credit bureaus
- Information we automatically collect when you interact with Kroll websites or the Portal, such as your IP address and the pages you visited or activities you performed
Business Purposes
We collect personal information for our operational purposes in providing the Services. We use personal information for the business purposes set out in the “Processing of Personal Data” section above.
Disclosure of Personal Information to Third Parties
We do not disclose personal information to third parties (not including service providers) unless you direct us to do so, or where required by law.
Selling/Sharing of Personal Information
We do not sell and have not in the preceding 12 months sold personal information. We do not share and have not in the preceding 12 months shared personal information with a third party for cross-context behavioral advertising.
Disclosure of Personal Data for our Business Purposes
Within the last 12 months, we have disclosed Personal Information identified in the “Categories of Personal Information We Collect” section above for business purposes to the following categories of parties:
- Our affiliates, as needed to operate our business and provide services.
- Service providers or contractors, such as vendors, consultants and other service providers who perform certain services on behalf of Kroll, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract.
- Third parties to whom you or your agents request or authorize us to disclose your personal information in connection with the Services.
Data Retention
Kroll will retain personal information for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, and federal regulations, and in accordance with Kroll’s Document Retention Schedule.
Your Rights
Subject to the CCPA, CPRA, and other applicable laws, you have the following rights concerning your data processed by Kroll:
- Deletion: You have the right to request that Kroll erase your personal information, and Kroll will erase such information unless it is reasonably necessary for Kroll to maintain your personal data in accordance with CCPA 1798.105 (d) or 1798.145.
- Correction: You have the right to request that Kroll correct inaccurate personal information, taking into account the nature and purpose of processing the information.
- Access: You have the right to request to access the personal information that Kroll holds about you, including specific pieces of personal information Kroll has collected about you.
- Non-discrimination: Kroll will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under applicable laws
Contact Us
Please contact us if you wish to exercise your rights under CCPA:
Email: kroll.privacy@kroll.com
In Writing: Kroll Compliance and Privacy Office, 167 N. Green St., Floor 12, Chicago, IL 60607
Virginia Privacy Notice
- Categories of Personal Data We Collect
- Purposes for Processing Personal Data
- Sharing of Personal Data with Third Parties
- Selling, Targeted Advertising, and Profiling
- Your Rights
This Virginia Privacy Notice section supplements the Kroll Portal US Privacy Policy and applies to the personal data of Virginia residents in order to comply with the Virginia Consumer Data Protection Act (“VCDPA”), effective January 1, 2023.
Categories of Personal Data We Collect
Contact data: We may collect information about data subjects such as name and contact details (email, phone number, etc.) in order to communicate and facilitate the provision of our service
Services data: Personal data that you provide to Kroll in order to obtain the services, such as identifiers or information you want to have monitored by Kroll.
Website/Portal visitor information: when you visit our website, we may collect information about your visit such as your IP address and the pages you visited. When you use our services we may collect information on how you use those services. Please see our Website Use and Cookies Policy for additional information.
Purposes for Processing Personal Data
We process personal data for our operational purposes in providing the Services. We use personal information for the purposes set out in the “Processing of Personal Data” section above.
Sharing of Personal Data with Third Parties
We do not share personal data with third parties (other than service providers) unless you direct us to do so, or where required by law.
We may share personal data with other parties as follows:
- Our affiliates, as needed to operate our business and provide services.
- Service providers or contractors, such as vendors, consultants and other service providers who perform certain services on behalf of Kroll, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract.
Selling, Targeted Advertising, and Profiling
We do not sell personal data to third parties.
We do not process personal data for targeted advertising purposes (as defined under the VCDPA).
We do not process personal data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Your Rights
Subject to the VCDPA and other applicable laws, you have the following rights concerning your data processed by Kroll:
- Deletion: You have the right to request that Kroll erase your personal data, and Kroll will erase such data unless it is reasonably necessary for Kroll to maintain your personal data in accordance VCDPA 59.1-582
- Correction: You have the right to request that Kroll correct inaccurate personal data, taking into account the nature and purpose of processing the information.
- Access: You have the right to request to access or obtain a copy of the personal data that Kroll holds about you
- Non-discrimination: Kroll will not discriminate against a consumer because the consumer exercised any of the consumer’s rights under applicable laws
Please contact us if you wish to exercise your rights under VCDPA or wish to appeal Kroll’s decision with respect to a request to exercise your rights:
Email: kroll.privacy@kroll.com
In Writing: Kroll Compliance and Privacy Office, 167 N. Green St., Floor 12, Chicago, IL 60607
Effective Date: December 20, 2022